Apache-1.3.26 w/mod_proxy and mod_ssl-2.8.10 problems
on 07.10.2002 11:52:07 by Jens-Harald Johansen
Names have been changed to protect the innocent.
Running on SunOS 5.8 Generic_108528-16 sun4u sparc SUNW,Ultra-250
I'm having problems with a PDF file which has a size of 1.4MB which I'm trying
to view over an SSL connection.
When viewing the page with IE 5.5 I can't use the "Open file from its current
location" option but I'm forced to use the "Save this file to disk" instead.
When pressing OK it pops up with an error message like "not able to open this
intranet site".
When trying to view the same page in Netscape 4.7 it immediately opens part of
the PDF as an object. The problem here is that it looks like it only gets a
part of the document before disconnecting.
When I do the same with Opera ... lo and behold ... it works. Forgot to mention
that when I shift-click in Netscape it downloads the file without any problems.
Here's a small part of the ssl_engine_log which pops up when I try the IE
approach:
[03/Oct/2002 14:50:42 11648] [info] Connection to child 4 established (server
apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 14:50:42 11648] [info] Seeding PRNG with 1160 bytes of entropy
[03/Oct/2002 14:50:44 11648] [info] Connection: Client IP: 192.168.10.10,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[03/Oct/2002 14:50:44 11648] [info] Initial (No.1) HTTPS request received for
child 4 (server apache.duh.com:443)
[03/Oct/2002 14:50:51 11648] [info] Connection to child 4 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)
And from the same log when I try it through Netscape:
[03/Oct/2002 15:07:47 11733] [info] Connection to child 3 established (server
apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 15:07:47 11733] [info] Seeding PRNG with 1160 bytes of entropy
[03/Oct/2002 15:07:48 11733] [info] Connection: Client IP: 192.168.10.10,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[03/Oct/2002 15:07:48 11733] [info] Initial (No.1) HTTPS request received for
child 3 (server apache.duh.com:443)
[03/Oct/2002 15:07:48 11734] [info] Connection to child 4 established (server
apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 15:07:48 11734] [info] Seeding PRNG with 1160 bytes of entropy
[03/Oct/2002 15:07:48 11733] [info] Connection to child 3 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)
[03/Oct/2002 15:07:48 11734] [info] Connection: Client IP: 192.168.10.10,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[03/Oct/2002 15:07:48 11734] [info] Initial (No.1) HTTPS request received for
child 4 (server apache.duh.com:443)
[03/Oct/2002 15:07:49 11734] [info] Connection to child 4 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)
And finally, when I use Opera:
[07/Oct/2002 11:39:40 13859] [info] Connection to child 5 established (server
apache.duh.com:443, client 192.168.10.10)
[07/Oct/2002 11:39:40 13859] [info] Seeding PRNG with 1160 bytes of entropy
[07/Oct/2002 11:39:40 13859] [info] Connection: Client IP: 192.168.10.10,
Protocol: TLSv1, Cipher: RC4-SHA (128/128 bits)
[07/Oct/2002 11:39:40 13859] [info] Initial (No.1) HTTPS request received for
child 5 (server apache.duh.com:443)
[07/Oct/2002 11:39:42 13859] [info] Connection to child 5 closed with standard
shutdown (server apache.duh.com:443, client 192.168.10.10)
As mentioned Apache has been compiled with mod_ssl and we're using
OpenSSL lib 0.9.6g. Configure string looks like this:
../configure --with-apache=../httpd-1.3.26
for mod_ssl and Apache:
SSL_BASE=/opt/SMCossl
../configure --prefix=/local/apache-1.3.26 --enable-module=proxy --enable-module=so --enable-module=ssl --enable-module=rewrite --enable-module=info
Here's a small portion of the httpd.config:
Listen 80
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
ProxyRequests On
ProxyPass /DUH/ http://apache-1.duh.com/
ProxyPassReverse /DUH/ http://apache-1.duh.com/
ProxyPass /bil/ http://apache-1.duh.com/bil/
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/local/apache-1.3.26/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/local/apache-1.3.26/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog /local/apache-1.3.26/logs/ssl_engine_log
SSLLogLevel trace
DocumentRoot "/local/apache-1.3.26/htdocs"
ServerName apache.duh.com
ServerAdmin root@apache.duh.com
ErrorLog /local/apache-1.3.26/logs/error_log
TransferLog /local/apache-1.3.26/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /local/apache-1.3.26/conf/ssl.crt/server.cert
SSLCertificateKeyFile /local/apache-1.3.26/conf/ssl.key/server.key
SSLVerifyClient none
SSLVerifyDepth 5
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /local/apache-1.3.26/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Anything else which is needed here ?
Now, I've tried to find solutions to this here problem for some time now.
I've RTFM, I've read the FAQ, I've read miscellaneous postings here and there
outlining possible solutions to this problem (I guess it's not just related to
PDF files??) and I've tried to add a few settings here and there to the config
without any success.
When I'm using the HTTP instead of HTTPS I have no trouble at all getting the
document from any browser so my thought is that it is mod_ssl which is the
problem (or browsers).
Anyone ?
Regards
Jens-Harald Johansen
The wisest man I ever knew taught me something I never forgot.
Although I never forgot it, I never quite memorized it, either.
So what I am left with is the memory of having learned something very wise that
I can't quite remember.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org