SSL aware server not encrypting
on 17.03.2003 00:47:43 by Vince Montuoro
I've had this problem for a while. I have two servers; only one is publicly visible at any one time. When the first goes down I (should be) enable the second one on our firewall by changing the NAT. BUT on the second server Apache never seems to negotiate a secure connection!

By this I mean "https" will not work, but http://....:443 will work.

Both servers have an identical build and config structure.

For your help I have included the SSL log level (debug)

[17/Mar/2003 10:32:25 01224] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:25 01224] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:25 01224] [info] Init: 1st startup round (still not detached)
[17/Mar/2003 10:32:25 01224] [info] Init: Initializing OpenSSL library
[17/Mar/2003 10:32:25 01224] [info] Init: Loading certificate & private key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:25 01224] [trace] Init: (mytest.com.au:443) unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:25 01224] [info] Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:25 01224] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:25 01224] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info] Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:26 01224] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info] Init: Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:26 01224] [info] Init: Configuring server mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info] Init: (mytest.com.au:443) RSA server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 10:32:26 01224] [info] Init: 2nd startup round (already detached)
[17/Mar/2003 10:32:26 01224] [info] Init: Reinitializing OpenSSL library
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info] Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:26 01224] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info] Init: Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:26 01224] [info] Init: Configuring server mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info] Init: (mytest.com.au:443) RSA server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 10:32:27 00912] [info] Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:27 00912] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:27 00912] [info] Init: 1st startup round (still not detached)
[17/Mar/2003 10:32:27 00912] [info] Init: Initializing OpenSSL library
[17/Mar/2003 10:32:27 00912] [info] Init: Loading certificate & private key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:27 00912] [trace] Init: (mytest.com.au:443) unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:27 00912] [info] Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:27 00912] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:28 00912] [info] Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:28 00912] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info] Init: Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:28 00912] [info] Init: Configuring server mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring client authentication
[17/Mar/2003 10:32:28 00912] [trace] CA certificate: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring RSA server certificate
[17/Mar/2003 10:32:28 00912] [info] Init: (mytest.com.au:443) RSA server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring RSA server private key

Regards,
Vince
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
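
The debug log in the post records the protocol set, cipher string and key handling that mod_ssl applied at startup. As an added example (not part of the original message and not mod_ssl code), this Python script audits such Init lines; the sample lines are copied from the post with the line wrapping undone, and the function names and finding texts are assumptions of this example.

```python
import re

# Constructed sample: three Init lines from the post's log, unwrapped.
SAMPLE_LOG = """\
[17/Mar/2003 10:32:25 01224] [trace] Init: (mytest.com.au:443) unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
"""

LINE = re.compile(r"\[(?:trace|info)\]\s+Init: \((?P<vhost>[^)]+)\) (?P<msg>.*)")
PROTOCOLS = re.compile(r"Creating new SSL context \(protocols: (?P<p>[^)]*)\)")
CIPHERS = re.compile(r"Configuring permitted SSL ciphers \[(?P<c>[^\]]*)\]")


def cipher_findings(spec):
    """Check an OpenSSL cipher string using its operator semantics."""
    tokens = [t for t in re.split(r"[:, ]+", spec) if t]
    added = {t for t in tokens if t[0] not in "!+-"}   # bare token: adds suites
    removed = {t[1:] for t in tokens if t[0] in "!-"}  # '!' or '-': removes suites
    # '+TOKEN' only moves suites already in the list to the end; it adds nothing.
    out = []
    if "ALL" in added and "EXP" not in removed:
        out.append("export-grade suites not excluded (ALL without !EXP)")
    if added & {"eNULL", "NULL", "COMPLEMENTOFALL"}:
        out.append("NULL-encryption suites explicitly added")
    return out


def audit(log_text):
    """Return {vhost: [findings]} for mod_ssl Init lines in log_text."""
    report = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        found = report.setdefault(m["vhost"], [])
        msg = m["msg"]
        if msg.startswith("unencrypted RSA private key"):
            found.append("private key stored without a pass phrase")
        if (p := PROTOCOLS.search(msg)):
            protos = [x.strip() for x in p["p"].split(",")]
            if protos == ["SSLv2"]:
                found.append("SSLv2 is the only protocol offered")
            elif "SSLv2" in protos:
                found.append("SSLv2 enabled")
        if (c := CIPHERS.search(msg)):
            found.extend(cipher_findings(c["c"]))
    return report
```

Calling `audit(SAMPLE_LOG)` reports three findings for `mytest.com.au:443`; the `+eNULL` token is not flagged because `+` only reorders suites that are already in the list.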