Subject: Re: strange apache & SSL problem
To: Patrick Mackey <netbsd@deniedaccess.org>
From: None <carnivorous@gmail.com>
List: netbsd-users
Date: 01/12/2005 13:53:00

That gives me a lot of stuff, but no errors.  Seems fine..

[....]

SSL handshake has read 1213 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 3D38E7984D2742681789AC2B6DB2E27A3E7A1B8239F666B68B7AAB75EC8C611E
    Session-ID-ctx:
    Master-Key: 13064F93974D4FDB65D57C239C77E0DCB87E20E019198927FF269195B1B077C482D065018E63D31A36494332679C6173
    Key-Arg   : None
    Start Time: 1105566389
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

However, when I type something, and it spits out the Apache version
stuff, I see this at the bottom:

<address>Apache/2.0.52 (Unix) mod_perl/1.99_17 Perl/v5.8.5
mod_ssl/2.0.52 OpenSSL/0.9.7d DAV/2 PHP/4.3.10 Server at localhost
Port 443</address

Doing pkg_info|grep openssl shows...

php-openssl-4.3.10  PHP extension for the OpenSSL library
openssl-0.9.7e      Secure Socket Layer and cryptographic library

Could it be that apache is using an older openssl module for some
reason?  Maybe the two are not in sync and that's what's causing the
problem.


On Thu, 13 Jan 2005 09:45:36 +1300 (NZDT), Patrick Mackey
<netbsd@deniedaccess.org> wrote:
> > SSLEngine on is there...
> >
> > This is pretty much a default install, with the necessary vhost changes.
> 
> Maybe try:
> 
> openssl s_client -connect www.myserver.com:443
> 
> Just to check the actual ssl negotiation.
> 
> --
> Best Regards,
> Patrick Mackey
> 
> ------------------------------------------
>      "You can't take the sky from me"
>     Firefly: http://www.fireflyfans.net
> ------------------------------------------
>