Re: apache crashing

[Martti Kuparinen <martti.kuparinen%iki.fi@localhost>]

David Brownlee wrote:

> Does it work if you add the following to the the <VirtualHost>
>     SSLProtocol -all +SSLv3
> and fail again if instead you use
>     SSLProtocol -all +TLSv1 +SSLv3

I don't have anything matching SSLProtocol, should I?

ROOT www:/usr/pkg/etc/httpd> grep -r SSLProtocol *
ROOT www:/usr/pkg/etc/httpd>

www:/usr/pkg> diff -u share/examples/httpd/extra/httpd-ssl.conf 
etc/httpd/httpd-ssl.conf
--- share/examples/httpd/extra/httpd-ssl.conf   2010-02-02 13:26:37.000000000 
+0200
+++ etc/httpd/httpd-ssl.conf    2008-10-17 20:41:06.000000000 +0300
@@ -87,7 +94,7 @@
 #   SSL Cipher Suite:
 #   List the ciphers that the client is permitted to negotiate.
 #   See the mod_ssl documentation for a complete list.
-SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+SSLCipherSuite HIGH

 #   Server Certificate:
 #   Point SSLCertificateFile at a PEM encoded certificate.  If
@@ -96,7 +103,7 @@
 #   in mind that if you have both an RSA and a DSA certificate you
 #   can configure both in parallel (to also allow the use of DSA
 #   ciphers, etc.)
-SSLCertificateFile "/usr/pkg/etc/httpd/server.crt"
+SSLCertificateFile "/etc/openssl/certs/server.pem"
 #SSLCertificateFile "/usr/pkg/etc/httpd/server-dsa.crt"

 #   Server Private Key:
@@ -104,7 +111,7 @@
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile "/usr/pkg/etc/httpd/server.key"
+SSLCertificateKeyFile "/etc/openssl/private/server.key"
 #SSLCertificateKeyFile "/usr/pkg/etc/httpd/server-dsa.key"

 #   Server Certificate Chain:

Martti