SSL web server configuration


on 14.11.2006 17:43:56 by Jacob Sarusi

I have a web-site supporting HTTPS.
Everything is OK interfacing web browsers like IE.
Lately I needed to interface with a Java client, but a full connection cannot be established.
In order to debug I used:
openssl s_server -cipher 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL' -cert /etc/httpd/conf/ssl.crt/server.crt -key /etc/httpd/conf/ssl.key/server.key -accept 443 -debug -state -HTTP
where the indicated cipher is the exact cipher suite I have in the web server, and cert and key are the same as the ones used in my web server.

Using the openssl in debug, Java client receives the response.
I am trying to understand the difference in web server behavior and openssl in debug mode behavior. Why when in debug, everything goes well, while in web server mode, it fails?

my server conf:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
CustomLog logs/tranzit_ssl_request_log clfa

Hope there is someone that can help.
Jacob

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
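
Added example (not part of the original post, and not mod_ssl or OpenSSL code): a simplified Python model of how OpenSSL evaluates the cipher string quoted in the message, following the operator rules documented in ciphers(1). The suite table, its tags and the function names `expand` and `audit` are constructed for illustration.

```python
# Simplified model of OpenSSL cipher-list evaluation as documented in ciphers(1).
# SUITES is a small constructed sample with approximate 0.9.x-era tags; it is
# not OpenSSL's real cipher table. Run `openssl ciphers -v '<string>'` on the
# server for the authoritative expansion.
SUITES = {
    "DHE-RSA-AES256-SHA": {"HIGH", "RSA", "SSLv3"},
    "AES128-SHA":         {"HIGH", "RSA", "SSLv3"},
    "RC4-MD5":            {"MEDIUM", "RC4", "RSA", "SSLv3"},
    "DES-CBC3-MD5":       {"HIGH", "RSA", "SSLv2"},
    "DES-CBC-SHA":        {"LOW", "RSA", "SSLv3"},
    "EXP-RC4-MD5":        {"EXP", "RC4", "RSA", "SSLv3"},
    "EXP1024-RC4-SHA":    {"EXP", "EXPORT56", "RC4", "RSA", "SSLv3"},
    "ADH-AES256-SHA":     {"ADH", "HIGH", "SSLv3"},
    "NULL-SHA":           {"eNULL", "RSA", "SSLv3"},
}
WEAK_TAGS = ("SSLv2", "LOW", "EXP", "ADH", "eNULL")

def expand(cipher_string, suites=SUITES):
    """Return the ordered list of suites the string enables in this model."""
    active, killed = [], set()
    for item in cipher_string.split(":"):
        if not item:
            continue
        op = item[0] if item[0] in "!-+" else ""
        tags = set(item[len(op):].split("+"))      # "RC4+RSA" means RC4 AND RSA
        if tags == {"ALL"}:                        # ALL excludes eNULL suites
            match = [s for s, t in suites.items() if "eNULL" not in t]
        else:
            match = [s for s, t in suites.items() if tags <= t | {s}]
        if op == "!":                              # delete permanently
            killed.update(match)
            active = [s for s in active if s not in match]
        elif op == "-":                            # delete, may be re-added later
            active = [s for s in active if s not in match]
        elif op == "+":                            # only reorder: move to the end
            active = [s for s in active if s not in match] + \
                     [s for s in active if s in match]
        else:                                      # append suites not yet present
            active += [s for s in match if s not in active and s not in killed]
    return active

def audit(cipher_string, suites=SUITES):
    """Map each weak tag to the enabled suites that carry it."""
    enabled = expand(cipher_string, suites)
    hits = {t: [s for s in enabled if t in suites[s]] for t in WEAK_TAGS}
    return {t: found for t, found in hits.items() if found}

PAGE_STRING = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL"

if __name__ == "__main__":
    print(expand(PAGE_STRING))
    print(audit(PAGE_STRING))
```

In this model the string leaves an SSLv2 suite and a LOW suite enabled and moves the HIGH suites behind them in preference order. `+eNULL` changes nothing, because `+` only reorders suites already in the list and `ALL` does not include eNULL.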