httpd-users mailing list archives

From "Douglas Hobaugh" <d...@essex3.com>
Subject [users@httpd] Customers getting "Page Cannot be Displayed" over SSL
Date Thu, 31 Jan 2008 16:32:51 GMT
Hi all, I hope this is the correct list. First time posting.

I am getting a lot of customers complaining that they get "Page Cannot be
Displayed" errors when they connect to our SSL server. I cannot for the life
of me figure out if it's my problem or theirs.  Below is my SSL configuration
for my server. Can someone take a look and let me know if it's OK?  I have
also included results from an openssl s_client test.

Thanks,
Doug



##  SSL Global Context
# Server-wide mod_ssl settings. They take effect only when the server is
# started with -D SSL, without -D NOSSL, and with mod_ssl loaded.
# NOTE(review): no SSLProtocol directive appears anywhere in the posted
# configuration, so the enabled protocol versions are whatever this mod_ssl
# build defaults to. On a build of this era that presumably still includes
# SSLv2 - confirm, and consider "SSLProtocol all -SSLv2".
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
	# MIME types so browsers recognise downloaded CA certificates and CRLs.
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl    .crl
	# Ask for the private-key pass phrase interactively at startup (only
	# relevant when the key file is encrypted).
	SSLPassPhraseDialog  builtin
	# Shared-memory session cache; cached sessions expire after 600 seconds.
	# The s_client -reconnect run posted with this configuration exercises it.
	SSLSessionCache         shmcb:/var/lib/apache2/ssl_scache
	SSLSessionCacheTimeout  600
	SSLMutex  sem
	# NOTE(review): "builtin" is the lowest-entropy seeding source mod_ssl
	# offers, particularly at startup. Where the platform has one, add a
	# kernel source as well, e.g. "SSLRandomSeed startup file:/dev/urandom 512".
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
</IfModule>
</IfDefine>
</IfDefine>

# HTTPS virtual host for my.server.com, bound to 192.168.0.9:443.
# Several directives below are split over two lines (ErrorLog, CustomLog,
# SSLCipherSuite, one Alias, the final SetEnvIf). That looks like mail-client
# wrapping; in the live file each must be a single line - confirm.
<VirtualHost 192.168.0.9:443>
 ServerAdmin me@server.com
 ServerName my.server.com:443
 SuexecUserGroup dspam dspam
 DocumentRoot /srv/www/vhosts/my.server.com/htdocs
 # Requests that set "dontlog" are left out of the access log (see env=!dontlog
 # on CustomLog below).
 # NOTE(review): the Remote_Addr patterns are unanchored regular expressions,
 # so "192\.168\.0" matches any address that merely contains that text (for
 # example 10.192.168.0), not only the 192.168.0.x network. Anchor them with
 # ^ if only those hosts are meant. Suppressing these entries also means no
 # access-log trail for the address-restricted admin area further down.
 SetEnvIf Remote_Addr "192\.168\.0" dontlog
 SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
 SetEnvIf Request_URI "^.*getsessiontime\.php.*$" dontlog
 # Both logs are piped through cronolog into per-month directories.
 ErrorLog  "|/usr/local/sbin/cronolog
/srv/www/vhosts/my.server.com/logs/%m-%Y/error.log"
 CustomLog "|/usr/local/sbin/cronolog
/srv/www/vhosts/my.server.com/logs/%m-%Y/access.log" combined env=!dontlog

 SSLEngine on
 # NOTE(review): this cipher string keeps weak suites negotiable. "ALL" pulls
 # in the 40-bit export (EXP), LOW and SSLv2 suites; "!ADH" removes only
 # anonymous DH and "!EXPORT56" only the 56-bit export suites. The
 # "+HIGH ... +eNULL" tokens merely move suites already in the list towards
 # the end; they remove nothing. A connection can therefore still end up on
 # an export-grade or single-DES suite. A stricter list would be, for example,
 # HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW:!SSLv2 - check it against the browsers
 # the customers actually use before deploying.
 SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 # StrictRequire: a denial from SSLRequireSSL/SSLRequire cannot be overridden
 # by "Satisfy any".
 SSLOptions +StrictRequire

 # Server certificate and private key. The s_client output posted with this
 # configuration reports a 1024 bit server public key.
 # NOTE(review): file permissions are not visible here; the key should be
 # readable by root only.
 SSLCertificateFile /etc/apache2/ssl.crt/secure_essex3_com-new2.crt
 SSLCertificateKeyFile /etc/apache2/ssl.key/secure-essex3-com-new2.key
 # NOTE(review): SSLCACertificatePath/File name the CAs trusted when verifying
 # client certificates. If the ca-bundle is meant to be the server's
 # intermediate chain, SSLCertificateChainFile is the directive for that in
 # this generation of mod_ssl - confirm which is intended.
 SSLCACertificatePath /etc/apache2/ssl.crt
 SSLCACertificateFile /etc/apache2/ssl.crt/secure_essex3_com.ca-bundle

 # Document root: open to all hosts, directory listings off, .htaccess
 # ignored, and any non-SSL access refused.
 <Directory "/srv/www/vhosts/my.server.com/htdocs">
  Options -Indexes FollowSymLinks
  AllowOverride none
  Order allow,deny
  Allow from all
  SSLRequireSSL
 </Directory>

 # Admin area: with "Order allow,deny" everything not explicitly allowed is
 # denied, so only 192.168.0.x clients get in.
 # NOTE(review): the control is source address only; this section has no
 # Auth*/Require directives.
 <Directory "/srv/www/vhosts/my.server.com/htdocs/xxx/xxx/admin">
  Order allow,deny
  Allow from 192.168.0
 </Directory>

 # NOTE(review): register_globals lets request parameters populate PHP global
 # variables, so any variable a script under this directory fails to
 # initialise can be set by the client. Keep the scope as narrow as possible
 # and audit the scripts here.
 <Directory "/srv/www/vhosts/my.server.com/htdocs/zzz/vvv">
  php_value register_globals 1
 </Directory>

 # Alias/ScriptAlias are evaluated in the order written: the two static files
 # are mapped first, everything else under /product/ is executed as CGI.
 Alias /product/base.css /srv/www/htdocs/product/base.css
 Alias /product/product-logo-small.gif
/srv/www/htdocs/product/product-logo-small.gif
 ScriptAlias /product/ /srv/www/htdocs/product/
 # "Allow from all" places no host restriction; "Require valid-user" is the
 # effective control for this directory.
 # NOTE(review): AuthShadow comes from a third-party module (presumably
 # mod_auth_shadow, checking against the system shadow password file -
 # confirm). If so, Basic auth here exposes system account passwords to online
 # guessing; make sure failed logins are logged and watched.
 # NOTE(review): this directory sits outside the htdocs tree that carries
 # SSLRequireSSL. Whether a plain-HTTP vhost can also reach /srv/www/htdocs is
 # not visible here - verify, since Basic credentials are only protected by
 # TLS.
 <directory "/srv/www/htdocs/product">
  Options +ExecCGI
  AuthName "PRODUCT Quarantine Area"
  AuthType Basic
  AuthShadow on
  Require valid-user
  Order Deny,allow
  Allow from all
 </directory>

 # Second password-protected CGI area, same AuthShadow/Basic arrangement as
 # the /srv/www/htdocs/product directory.
 <directory "/srv/www/vhosts/my.server.com/htdocs/yyy/admin">
  Options +ExecCGI
  AuthName "Restricted Site"
  AuthType Basic
  AuthShadow on
  Require valid-user
  Order Deny,allow
  Allow from all
 </directory>

 # Applies to every User-Agent containing "MSIE": no keep-alive, no wait for
 # the client's close-notify on shutdown, and HTTP/1.0 handling of both
 # request and response.
 SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
</VirtualHost>




openssl s_client -connect my.server.com:443 -state -reconnect
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
...
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
...
SSL handshake has read 3080 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
...
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:
---
drop connection and then reconnect
SSL3 alert write:warning:close notify
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read finished A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
---
Reused, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
SSL-Session:






