https access problems

on 13.06.2003 20:31:29 by Konn Danley

Hi,

I am new to this mailing list. I am having a problem with external internet
access to my server. I have the following in place:

Red Hat 7.3/2.4.18-3
Apache 1.3.27
mod_ssl 2.8.12-1.3.27
OpenSSL 0.9.7a

I have a main server running on port 80, and a virtualhost on port 443 for
the SSL. I can access port 443 100% of the time from any client on my
internal network. From external networks, I am having problems connecting.
I see nothing in IPTraf when these external connections don't
connect, nor do I get anything in my log files. I have no problems at all
with http. All internal clients work fine for both http and https on MSIE,
Netscape, and Mozilla. These same clients configured for loopback through a
dial-up and back into a cable-modem can't get in.....most of the time, but
once in a while. The same symptoms occur for other people who have tried to
access my SSL website. They have no problems with http, but https will
almost always refuse the connection or give them a page not displayed.

I found a couple of messages posted on this board which talked about the
SSLSessionCache. I tried changing that to 'none' from 'dbm'. When I did
this, the external connections worked!! 5 minutes later, they were gone,
and I was back to the same place that I started. This is a very strange
problem, and I am NOT an expert.

I see that there are a lot of posts on this board concerning similar
sounding problems. Has anybody come up with a fix for this? Does anybody
have any suggestions as to what I should do or try next?

Any help here is greatly appreciated.

Konn


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: https access problems

on 16.06.2003 10:34:58 by John.Airey

Do you have the ipchains or iptables firewall enabled? Try "service ipchains
stop" and "service iptables stop" to disable it completely and then try
again. In the former case "lokkit" will allow you to configure your firewall
to accept connections on the relevant ports.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

Evolution isn't true just because the majority of people think it is.


-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk

Re: https access problems

on 16.06.2003 18:01:09 by Konn Danley

Hi John,

Thanks for the response.

The thing is, I can get in once in a while (1 in 100 times). When I first
encountered the problem, I thought it was a firewalling problem. I use both
TCP wrappers and iptables. I had disabled both without any change in the
problem. The fact that I can get in once in a while leads me to think that
it is not a firewalling problem. I can get in with the machines on my
internal network 100% of the time. I have never had a problem with http on
either internal or external. It is https only. I did try what you
suggested with no change in the problem, and I did do this before on several
occasions.

I have a wireless access point which acts as my gateway. I am wondering if
there is a problem with NAT?

The strange thing is that when I changed the SSLSessionCache from 'dbm' to
'none' (I don't think my platform supports shm), I was able to get in with
external access 100% of the time. I thought my problem was fixed, but 5
minutes later, the connections could not get in.

Since I sent the last mail, I now have all of the latest software, mod_ssl
2.8.14, OpenSSL 0.9.7b, and I still have the same problem.

Konn
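
A way to separate the two failure classes debated in this thread (packets never reaching port 443 versus the SSL handshake itself failing), as an added example that is not part of the original posts. The function names `probe` and `survey` are hypothetical; run it from a client outside the LAN against your own server.

```python
import socket
import ssl
import sys
from collections import Counter


def probe(host, port, timeout=5.0):
    """Return the stage at which one HTTPS connection attempt stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp_refused"   # RST came back: nothing listening, or a REJECT rule
    except socket.timeout:
        return "tcp_timeout"   # SYN unanswered: dropped by a filter or lost in NAT
    except OSError:
        return "tcp_error"     # no route, host unreachable, etc.

    # Diagnostic only: reachability is being tested, not the certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"        # TCP and handshake both completed
    except socket.timeout:
        return "tls_timeout"   # TCP connected, but the handshake stalled
    except (ssl.SSLError, OSError):
        return "tls_failed"    # TCP connected, handshake rejected or reset
    finally:
        sock.close()


def survey(host, port, attempts=20, timeout=5.0):
    """Repeat probe() and count outcomes, for intermittent failures."""
    return Counter(probe(host, port, timeout) for _ in range(attempts))


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python probe.py <host> <port>
    print(survey(sys.argv[1], int(sys.argv[2])))
```

A result dominated by `tcp_refused` or `tcp_timeout` means the traffic never reaches Apache, which matches empty server logs and points at the gateway or port forwarding; `tls_failed` or `tls_timeout` means the connection arrived and the problem is in the SSL layer.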



RE: https access problems

on 18.06.2003 17:07:17 by John.Airey

I've just double-checked and the Red Hat 7.3 RPM packages (apache-1.3.27-2
and mod_ssl-2.8.12-2) use dbm instead of the shm caching that was in 7.2:

SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300

I hope this hasn't sent you off the wrong way...

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

Evolution isn't true just because the majority of people think it is.
