--0-1362401121-1163522636=:14143
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
I have a web-site supporting HTTPS.
Everything is OK interfacing web browsers like IE.
Lately I needed to interface with a Java client, full connection can no=
t be establish.
In order to debug I used:
openssl s_server -cipher 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:=
+eNULL' -cert /etc/httpd/conf/ssl.crt/server.crt -key /etc/httpd/conf/ssl=
..key/server.key -accept 443 -debug -state -HTTP
where the indicated cipher is the exact ciphersuit I have in the web se=
rver, and cert and key are the same a the ones used in my web server.
Using the openssl in debug, Java client receives the response.
I am trying to understand the difference in web server behavior and ope=
nssl in debug mode behavior. Why when in debug, everything goes well, whi=
le in web server mode, it fails?
my server conf:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/tranzit_ssl_request_log clfa
Hope there is someone that can help.
Jacob
=09
---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.
--0-1362401121-1163522636=:14143
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<DIV>I have a web-site supporting HTTPS.</DIV> <DIV>Everything is OK int=
erfacing web browsers like IE.</DIV> <DIV>Lately I needed to interface w=
ith a Java client, full connection can not be establish.</DIV> <DIV>In o=
rder to debug I used:</DIV> <DIV>openssl s_server -cipher 'ALL:!ADH:!EXP=
ORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL' -cert /etc/httpd/conf/ssl.crt/ser=
ver.crt -key /etc/httpd/conf/ssl.key/server.key -accept 443 -debug =
-state -HTTP</DIV> <DIV>where the indicated cipher is the exact ciphersu=
it I have in the web server, and cert and key are the same a the ones use=
d in my web server. </DIV> <DIV> </DIV> <DIV>Using the openss=
l in debug, Java client receives the response.</DIV> <DIV>I am trying to=
understand the difference in web server behavior and openssl in debug mo=
de behavior. Why when in debug, everything goes well, while in web server=
mode, it fails?</DIV> <DIV> </DIV> <DIV>my server conf:</DIV> <D=
IV>SSLEngine on<BR>SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL<BR>SSLCertificateFil=
e /etc/httpd/conf/ssl.crt/server.crt<BR>SSLCertificateKeyFile /etc/httpd/=
conf/ssl.key/server.key<BR>SSLOptions +StdEnvVars<BR>SetEnvIf User-Agent =
".*MSIE.*" \<BR> nokeepalive ss=
l-unclean-shutdown \<BR> downgr=
ade-1.0 force-response-1.0<BR>CustomLog logs/tranzit_ssl_request_log clfa=
</DIV> <DIV> </DIV> <DIV>Hope there is someone that can help.</DIV=
> <DIV>Jacob</DIV> <DIV> </DIV> <DIV> </DIV><p>
=09
<hr size=3D1>Everyone is raving about <a href=3D"http://us.rd.yahoo.com/e=
vt=3D42297/*http://advision.webevents.yahoo.com/mailbeta">th e all-new Yah=
oo! Mail beta.</a>
--0-1362401121-1163522636=:14143--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
