Board index Unix Web Servers

Problems with mod_ssl and 128-bit browsers

Problems with mod_ssl and 128-bit browsers

Post by Jordan Krushe » Fri, 05 Mar 1999 04:00:00



I've recently noticed a problem with Apache 1.3.4 / mod_ssl 2.1.7 / SSLeay
0.90b on Linux 2.0.36.

When connecting to the site with a 40-bit browser, things seem to run
smoothly.  However, when running a 128-bit browser and connecting to the
same site (I've tested this with both IE and Netscape), I get a network
error (unable to connect to host) and it logs a segmentation fault in the
error_log.

Has anyone seen this behaviour before?  I've run this same setup numerous
times on FreeBSD, but this is my first time doing it on Linux, and it's not
proving to be a fun ordeal ;)

Thanks,

J.

 
 
 
Top

Problems with mod_ssl and 128-bit browsers

Post by Yvan Cotty » Fri, 05 Mar 1999 04:00:00


is  http://core.freshmeat.net/appindex/1998/08/23/903863187.html what you need
??


> I've recently noticed a problem with Apache 1.3.4 / mod_ssl 2.1.7 / SSLeay
> 0.90b on Linux 2.0.36.

> When connecting to the site with a 40-bit browser, things seem to run
> smoothly.  However, when running a 128-bit browser and connecting to the
> same site (I've tested this with both IE and Netscape), I get a network
> error (unable to connect to host) and it logs a segmentation fault in the
> error_log.

> Has anyone seen this behaviour before?  I've run this same setup numerous
> times on FreeBSD, but this is my first time doing it on Linux, and it's not
> proving to be a fun ordeal ;)

> Thanks,

> J.

--

| (32)(3)5446527                                          (32)(9)3294120 |
| A PC without Windows is like a fish without bicycle. ~ Install Linux ~ |

 
 
 
Top

Problems with mod_ssl and 128-bit browsers

Post by Paul Rub » Fri, 05 Mar 1999 04:00:00




>I've recently noticed a problem with Apache 1.3.4 / mod_ssl 2.1.7 / SSLeay
>0.90b on Linux 2.0.36.

I've been using 128 bit browsers with mod_ssl on sparc/solaris with
no problems.
 
 
 
Top

Problems with mod_ssl and 128-bit browsers

Post by Ralf S. Engelschal » Fri, 05 Mar 1999 04:00:00



> I've recently noticed a problem with Apache 1.3.4 / mod_ssl 2.1.7 / SSLeay
> 0.90b on Linux 2.0.36.

> When connecting to the site with a 40-bit browser, things seem to run
> smoothly.  However, when running a 128-bit browser and connecting to the
> same site (I've tested this with both IE and Netscape), I get a network
> error (unable to connect to host) and it logs a segmentation fault in the
> error_log.

> Has anyone seen this behaviour before?  I've run this same setup numerous
> times on FreeBSD, but this is my first time doing it on Linux, and it's not
> proving to be a fun ordeal ;)

Perhaps it's one of the DSO bugs in mod_ssl 2.1.  Please upgrade to mod_ssl
2.2.4 and try again.  When it still segfaults, write a bugreport together with
a stackframe backtrace, please.
                                       Ralf S. Engelschall

                                       www.engelschall.com
 
 
 
Top

Problems with mod_ssl and 128-bit browsers

Post by Jordan Krushe » Sat, 06 Mar 1999 04:00:00


Now running apache 1.3.4 / mod_ssl 2.2.2 / openssl 0.9.1c (patched).

Here's an excerpt from the error_log:

httpd: [Fri Mar  5 15:46:43 1999] [notice] child pid 15880 exit signal
Segmentation fault (11)
httpd: [Fri Mar  5 15:46:46 1999] [notice] child pid 15869 exit signal
Segmentation fault (11)
httpd: [Fri Mar  5 15:46:52 1999] [error] mod_ssl: SSL handshake failed
(client 206.108.237.36, server proxy.elecomm.net:443) (OpenSSL library error
follows)
httpd: [Fri Mar  5 15:46:52 1999] [error] OpenSSL: error:0407106B:rsa
routines:RSA_padding_check_PKCS1_type_2:block type is not 02
httpd: [Fri Mar  5 15:46:52 1999] [error] OpenSSL: error:04065072:rsa
routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
httpd: [Fri Mar  5 15:46:52 1999] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode
httpd: [Fri Mar  5 15:46:55 1999] [error] mod_ssl: SSL handshake failed
(client 206.108.237.36, server proxy.elecomm.net:443) (OpenSSL library error
follows)
httpd: [Fri Mar  5 15:46:55 1999] [error] OpenSSL: error:0407106B:rsa
routines:RSA_padding_check_PKCS1_type_2:block type is not 02
httpd: [Fri Mar  5 15:46:55 1999] [error] OpenSSL: error:04065072:rsa
routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
httpd: [Fri Mar  5 15:46:55 1999] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode

How do I do the backtrace?  It's not dumping core.

J.


>Perhaps it's one of the DSO bugs in mod_ssl 2.1.  Please upgrade to mod_ssl
>2.2.4 and try again.  When it still segfaults, write a bugreport together
with
>a stackframe backtrace, please.
>                                       Ralf S. Engelschall

>                                       www.engelschall.com

 
 
 
Top

1. 128-bit encryption using 40-bit browsers?

Hi, folks, someone just told me that both Netscape and Microsoft have
already embeded 128-bit technology in their 40-bit browsers, so we can
force the transmission of data using 128-bit encryption on the
server side even when the customers are using 40-bit browsers, can
anybody confirm to us if this is true or not? Thanks a lot in advance.

Simon

Sent via Deja.com http://www.deja.com/
Before you buy.

2. IBM AIX version 4.2.x and 4.3 Gigabit Drivers

3. 128-bit web browsers for linux?

4. Creating new filesystem on assigned partition?

5. 128-bit SSL for 40-bit clients

6. RFD: setuid/apache

7. 128 bit Browsers

8. Narval 1.1

9. RAWRITE Problem using NT 4.0 SP3 (128-bit)

10. is it possible to detect browser encryption level for 128-bit, 56-bit and 40-bit SSL compatibility?

11. 128-bit encryption

12. #9 Imagine 128-bit supported?

13. ANNOUNCE: Fortify for Netscape v1.2.1; worldwide 128-bit encryption


All times are UTC
Board index