Apache mod_ssl hanging browser

am 27.06.2002 17:53:33 von Peter Cronin

This is a multi-part message in MIME format.

------=_NextPart_000_002B_01C21DD1.430DE670
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Was wondering if anyone can help me? I believe I have mod_ssl loaded =
correctly and configurd correctly, but I get the following situation =
when I access my SSL site.=20
- https://secure.aebdemo.com, it just hangs on site, but says host =
contacted...
- this is what the SSL.log says: It looks like it confgures ok for =
secure.aebdemo.com:443

[26/Jun/2002 22:01:53 02320] [info] Init: Configuring server =
secure.aebdemo.com:443 for SSL protocol

[26/Jun/2002 22:01:53 02404] [info] Server: Apache/1.3.26, Interface: =
mod_ssl/2.8.9, Library: OpenSSL/0.9.6d

[26/Jun/2002 22:01:53 02404] [warn] You are using mod_ssl under Win32. =
This combination is *NOT* officially supported. Use it at your own risk!

[26/Jun/2002 22:01:53 02404] [info] Init: 1st startup round (still not =
detached)

[26/Jun/2002 22:01:53 02404] [info] Init: Initializing OpenSSL library

[26/Jun/2002 22:01:53 02404] [info] Init: Loading certificate & private =
key of SSL-aware server secure.aebdemo.com:443

[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes of =
entropy

[26/Jun/2002 22:01:53 02404] [info] Init: Generating temporary RSA =
private keys (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes of =
entropy

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary RSA =
private keys (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Initializing (virtual) servers =
for SSL

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring server =
secure.aebdemo.com:443 for SSL protocol

[26/Jun/2002 22:02:02 02404] [info] Connection to child 0 established =
(server secure.aebdemo.com:443, client 205.229.222.70)

[26/Jun/2002 22:02:02 02404] [info] Seeding PRNG with 0 bytes of entropy

My current configuration is:
Windows 2000 SP2
Apache 1.3.26
mod_ssl 2.8.9
openssl .0.9.6d

my configuration in httpd.conf is:
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLoglevel info

NameVirtualHost 205.229.222.9:443

Port 443
ServerName secure.aebdemo.com
DocumentRoot d:/data/lm
ErrorLog logs/secureaeb-error_log
CustomLog logs/secureaeb-access_log combined
SSLEngine On
SSLCertificateFile conf/ssl/secure.aebdemo.com.cert
SSLCertificateKeyFile conf/ssl/secure.aebdemo.com.key

Any help would be appreciated.

Peter S. Cronin
Plexsys Technologies, Inc
http://www.psconcepts.com
732-280-9550

------=_NextPart_000_002B_01C21DD1.430DE670
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

charset=3Diso-8859-1">

Was wondering if anyone can help me? I =
believe I=20
have mod_ssl loaded correctly and configurd correctly, but I get the =
following=20
situation when I access my SSL site.

- href=3D"https://secure.aebdemo.com">https://secure.aebdemo.c om, it =
just hangs=20
on site, but says host contacted...

- this is what the SSL.log says: It =
looks like it=20
confgures ok for secure.aebdemo.com:443

[26/Jun/2002 22:01:53 02320] [info] Init: Configuring server=20
secure.aebdemo.com:443 for SSL protocol

[26/Jun/2002 22:01:53 02404] [info] Server: Apache/1.3.26, Interface: =

mod_ssl/2.8.9, Library: OpenSSL/0.9.6d

[26/Jun/2002 22:01:53 02404] [warn] You are using mod_ssl under =
Win32. This=20
combination is *NOT* officially supported. Use it at your own risk!

[26/Jun/2002 22:01:53 02404] [info] Init: 1st startup round (still =
not=20
detached)

[26/Jun/2002 22:01:53 02404] [info] Init: Initializing OpenSSL =
library

[26/Jun/2002 22:01:53 02404] [info] Init: Loading certificate & =
private=20
key of SSL-aware server secure.aebdemo.com:443

[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes =
of=20
entropy

[26/Jun/2002 22:01:53 02404] [info] Init: Generating temporary RSA =
private=20
keys (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters=20
(512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Seeding PRNG with 136 bytes =
of=20
entropy

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary RSA =
private=20
keys (512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring temporary DH =
parameters=20
(512/1024 bits)

[26/Jun/2002 22:01:53 02404] [info] Init: Initializing (virtual) =
servers for=20
SSL

[26/Jun/2002 22:01:53 02404] [info] Init: Configuring server=20
secure.aebdemo.com:443 for SSL protocol

[26/Jun/2002 22:02:02 02404] [info] Connection to child 0 established =
(server=20
secure.aebdemo.com:443, client 205.229.222.70)

[26/Jun/2002 22:02:02 02404] [info] Seeding PRNG with 0 bytes of=20
entropy

My current configuration =
is:

Windows 2000 SP2

Apache 1.3.26

mod_ssl 2.8.9

openssl .0.9.6d

my configuration in httpd.conf =
is:

SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed =
connect=20
builtin
SSLSessionCache none
SSLLog logs/SSL.log
SSLLoglevel=20
info

NameVirtualHost 205.229.222.9:443

<VirtualHost 205.229.222.9:443>
Port 443
ServerName=20
secure.aebdemo.com
DocumentRoot d:/data/lm
ErrorLog=20
logs/secureaeb-error_log
CustomLog logs/secureaeb-access_log=20
combined
SSLEngine On
SSLCertificateFile=20
conf/ssl/secure.aebdemo.com.cert
SSLCertificateKeyFile=20
conf/ssl/secure.aebdemo.com.key
</VirtualHost>

Any help would be =
appreciated.

Peter S. Cronin
Plexsys =
Technologies, Inc
href=3D"http://www.psconcepts.com">http://www.psconcepts.com
732-2=
80-9550

------=_NextPart_000_002B_01C21DD1.430DE670--

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Apache mod_ssl hanging browser

am 27.06.2002 21:55:54 von Geoff Thorpe

Hi,

On Thu, 27 Jun 2002, Peter Cronin wrote:

> Was wondering if anyone can help me? I believe I have mod_ssl loaded
> correctly and configurd correctly, but I get the following situation
> when I access my SSL site.
> - https://secure.aebdemo.com, it just hangs on site, but says host contacted...
> - this is what the SSL.log says: It looks like it confgures ok for secure.aebdemo.com:443

[snip]

> [26/Jun/2002 22:02:02 02404] [info] Connection to child 0 established (server secure.aebdemo.com:443, client 205.229.222.70)
>
> [26/Jun/2002 22:02:02 02404] [info] Seeding PRNG with 0 bytes of entropy

[snip]

> my configuration in httpd.conf is:
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLSessionCache none

[snip]

It would appear you may have a PRNG problem, and given that you're running
on some variant of windows, it wouldn't surprise me in the least. I don't
know much (read: anything) about mod_ssl's operation under win32, but one
way for you to find out *if* this what's causing your problems, try using
some largish file (eg. 32Kb or bigger should certainly be enough) and
feeding that into SSLRandomSeed, ie. replace "builtin" in both of those
lines with "file:".

If that works, don't leave it like that as it represents a security risk.
However, it would at least tell you if a working source of entropy for the
PRNG is all that separates you from a functioning system, otherwise the
problem lies elsewhere. As for a working PRNG solution on windows that you
*could* use in production ... good question ... you may want to ask that
separately on this list as/when you know if it's the problem. Lutz is on
this list, he'd have a better chance of answering such a question than I.

Cheers,
Geoff

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org