httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Declerck Michael-W30479" <W30...@motorola.com>
Subject [users@httpd] Firefox - 'partially encrypted' SSL
Date Tue, 01 Aug 2006 16:05:24 GMT
Hello,
My system is Ubuntu 6.06 and Apache 2.2 with mod_ssl.
I have a problem with Firefox which says that the client-server
interaction is only partially encrypted.
The message from the Firefox says exactly:
 
Connection Partially Encrypted
Parts of the page you are viewing were not encrypted before being
transmitted over the Internet.
Information sent over the Internet without encryption can be seen by
other people while it is in transit.

I installed mod_ssl statically, which gave me the default
conf/extra/httpd-ssl.conf, where ssl is supported by virtual host.
The file httpd-ssl.conf is included in my main httpd.conf.
When I statically installed, Apache modified my httpd.conf file in some
way, but I mistakingly saved over it.
 
One issue might be with a PRNG, because I do not know where I have one
(if I have one, it is not in /dev) in the httpd-ssl.conf.
Here's my httpd-ssl.conf file:

#SSLRandomSeed startup file:/dev/random  512    
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512 

Listen 10.22.97.248:443
Listen 10.22.97.248:80
AddType application/x-x509-ca-cert .cert
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin 
SSLSessionCache        shmcb:/usr/local/apache2/logs/ssl_scache(512000)
SSLSessionCacheTimeout  300
 
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
 
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/usr/local/apache2/cgi-bin"
ServerName panicrepository.am.mot.com:443
ServerAdmin w30479@motorola.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
 
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
#   Server Certificate:
SSLCertificateFile
/usr/local/openssl/certs/panicrepository.am.mot.com.cert

SSLCertificateKeyFile
/usr/local/openssl/private/panicrepository.am.mot.com.key
 
<FilesMatch "\.(pl|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
 
#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
</VirtualHost>



Any advice?
Does this sound like Firefox brokenness?
I would assume that it is my configuration that is the problem.

Michael DeClerck

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message