httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Apache mod_ssl bug mystery solved (?)
Date Mon, 14 Aug 2000 14:02:22 GMT

This message just appeared on the Palm.Net wireless forum
about 5 minutes ago.

It concerns the 'bugginess' of SSL under Win32 when using Apache
and mod_ssl. I believe there are some PR's about this. 

The problem is NOT with Apache.

Workaround seems to be limiting SSL to SSLv2.

Full text of post follows...

> There seems to be a bug in the Microsoft libraries on most SSL 
> connections to certain sites. These sites have enabled multiple 
> SSL protocols (SSLv2, SSLv3 & TLSv1). The problem (also exhibited 
> by certain installations of IE5 on Windows & Mac) is caused by the 
> Microsoft code switching protocols on the fly, causing data
> decryption errors. A solution is to restrict the SSL protocol to SSLv2.
> Our specific installation is
>   Windows NT Workstation 4.0
>   Apache 1.3.12 (Win32)
>   mod_ssl 2.6.1
>   OpenSSL 0.9.5
> Frank Martini
> Cadence Development

Kevin Kiley
CTO, Remote Communications, Inc. - Online Internet Content Compression Server

View raw message