httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TOKI...@aol.com
Subject os-windows/6420: SSL for Apache on NT does not work.
Date Wed, 16 Aug 2000 00:34:52 GMT

> brooksrp@vallnet.com writes...
>
>Subject: os-windows/6420: SSL for Apache on NT does not work.

Which versions of SSL are enabled? See below about a known
bug with Microsoft SSL handling. Not sure what your problem
with the patch itself is. Actually.. you might not even need them.

> somebody who has actually implemented Apache with SSL on NT?

Frank Martini of Cadence Development is running SSL with Apache
under Windows NT just fine. ( Again, see below ) .

You are service pack 6a so that might have something to do with it. 
Try backing off to SP 3 or 4 and limit SSL to SSLv2 and see it that does it 
for you. You might not actually need the SSL patches at all.

Here is Frank Martini's successful SSL/Apache platform...
He is using the EXACT same versions of both Apache and
OpenSSL that you are.

>   Windows NT Workstation 4.0
>   Apache 1.3.12 (Win32)
>   mod_ssl 2.6.1
>   OpenSSL 0.9.5

Original post...

>Subject: os-windows/6420: SSL for Apache on NT does not work.
>Number:         6420
>Category:       os-windows
>Synopsis:       SSL for Apache on NT does not work.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Aug 15 19:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     brooksrp@vallnet.com
>Release:        1.3.12
>Organization:
apache
>Environment:
NT 4.0 SP6a, OpenSSL-0.9.5a, Apache+SSL_1.40, MS VC 6, patch 2.5.3
>Description:
In the last month I have spent more time attempting to apply the SSL patchs to
Apache 1.3.12 than I spent implementing an entire vender application which 
cost in the 6 digits.  Now I am not sure which was the most expensive.  
The last time I contacted you, you sent me to the news groups.  Not a big 
enough problem for a developer. I tried them with 0 results.  Apparently the 
SSLpatchs have never been used on NT.  The problem is patch can not process 
the SSLpatch file.  It can not find the source files to patch.  Please, give 
me the email address of somebody who has actually implemented Apache with SSL 
on NT.  Otherwise, I have not choice but scrap the free Apache and go with 
one of the expensive packages like Fastrack($300) or IIS.  Both of which I 
have already implemented on other projects.
>How-To-Repeat:
Uncompress the sources and run patch -p1 <SSLpatch as documented.
>Fix:
Throw away patch and apply the patches by hand or forget Apache.
>Release-Note:
>Audit-Trail:
>Unformatted:

> The following was posted on the Apache forum yesterday...
> 08/14/00...

Kevin Kiley writes...

This message just appeared on the Palm.Net wireless forum
about 5 minutes ago ( 11:40 AM CST 08/14/00 ).

It concerns the 'bugginess' of SSL under Win32 when using Apache
and mod_ssl. I believe there are some PR's about this. 

The problem is NOT with Apache.

Workaround seems to be limiting SSL to SSLv2.

Full text of post follows...

> There seems to be a bug in the Microsoft libraries on most SSL 
> connections to certain sites. These sites have enabled multiple 
> SSL protocols (SSLv2, SSLv3 & TLSv1). The problem (also exhibited 
> by certain installations of IE5 on Windows & Mac) is caused by the 
> Microsoft code switching protocols on the fly, causing data
> decryption errors. A solution is to restrict the SSL protocol to SSLv2.
>
> Our specific installation is
>   Windows NT Workstation 4.0
>   Apache 1.3.12 (Win32)
>   mod_ssl 2.6.1
>   OpenSSL 0.9.5
> 
> Frank Martini
> Cadence Development

Yours...
Kevin Kiley
CTO, Remote Communications, Inc.
http://www.RemoteCommunications.com
http://www.rctp.com - Online Internet Content Compression Server

Mime
View raw message