www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TOKI...@aol.com
Subject os-windows/6420: SSL for Apache on NT does not work.
Date Wed, 16 Aug 2000 04:40:02 GMT
The following reply was made to PR os-windows/6420; it has been noted by GNATS.

From: TOKILEY@aol.com
To: new-httpd@apache.org
Cc: apbugs@apache.org, brooksrp@vallnet.com
Subject: os-windows/6420: SSL for Apache on NT does not work.
Date: Wed, 16 Aug 2000 00:34:52 EDT

 > brooksrp@vallnet.com writes...
 >
 >Subject: os-windows/6420: SSL for Apache on NT does not work.
 
 Which versions of SSL are enabled? See below about a known
 bug with Microsoft SSL handling. Not sure what your problem
 with the patch itself is. Actually.. you might not even need them.
 
 > somebody who has actually implemented Apache with SSL on NT?
 
 Frank Martini of Cadence Development is running SSL with Apache
 under Windows NT just fine. ( Again, see below ) .
 
 You are service pack 6a so that might have something to do with it. 
 Try backing off to SP 3 or 4 and limit SSL to SSLv2 and see it that does it 
 for you. You might not actually need the SSL patches at all.
 
 Here is Frank Martini's successful SSL/Apache platform...
 He is using the EXACT same versions of both Apache and
 OpenSSL that you are.
 
 >   Windows NT Workstation 4.0
 >   Apache 1.3.12 (Win32)
 >   mod_ssl 2.6.1
 >   OpenSSL 0.9.5
 
 Original post...
 
 >Subject: os-windows/6420: SSL for Apache on NT does not work.
 >Number:         6420
 >Category:       os-windows
 >Synopsis:       SSL for Apache on NT does not work.
 >Confidential:   no
 >Severity:       non-critical
 >Priority:       medium
 >Responsible:    apache
 >State:          open
 >Quarter:        
 >Keywords:       
 >Date-Required:
 >Class:          sw-bug
 >Submitter-Id:   apache
 >Arrival-Date:   Tue Aug 15 19:20:00 PDT 2000
 >Closed-Date:
 >Last-Modified:
 >Originator:     brooksrp@vallnet.com
 >Release:        1.3.12
 >Organization:
 apache
 >Environment:
 NT 4.0 SP6a, OpenSSL-0.9.5a, Apache+SSL_1.40, MS VC 6, patch 2.5.3
 >Description:
 In the last month I have spent more time attempting to apply the SSL patchs to
 Apache 1.3.12 than I spent implementing an entire vender application which 
 cost in the 6 digits.  Now I am not sure which was the most expensive.  
 The last time I contacted you, you sent me to the news groups.  Not a big 
 enough problem for a developer. I tried them with 0 results.  Apparently the 
 SSLpatchs have never been used on NT.  The problem is patch can not process 
 the SSLpatch file.  It can not find the source files to patch.  Please, give 
 me the email address of somebody who has actually implemented Apache with SSL 
 on NT.  Otherwise, I have not choice but scrap the free Apache and go with 
 one of the expensive packages like Fastrack($300) or IIS.  Both of which I 
 have already implemented on other projects.
 >How-To-Repeat:
 Uncompress the sources and run patch -p1 <SSLpatch as documented.
 >Fix:
 Throw away patch and apply the patches by hand or forget Apache.
 >Release-Note:
 >Audit-Trail:
 >Unformatted:
 
 > The following was posted on the Apache forum yesterday...
 > 08/14/00...
 
 Kevin Kiley writes...
 
 This message just appeared on the Palm.Net wireless forum
 about 5 minutes ago ( 11:40 AM CST 08/14/00 ).
 
 It concerns the 'bugginess' of SSL under Win32 when using Apache
 and mod_ssl. I believe there are some PR's about this. 
 
 The problem is NOT with Apache.
 
 Workaround seems to be limiting SSL to SSLv2.
 
 Full text of post follows...
 
 > There seems to be a bug in the Microsoft libraries on most SSL 
 > connections to certain sites. These sites have enabled multiple 
 > SSL protocols (SSLv2, SSLv3 & TLSv1). The problem (also exhibited 
 > by certain installations of IE5 on Windows & Mac) is caused by the 
 > Microsoft code switching protocols on the fly, causing data
 > decryption errors. A solution is to restrict the SSL protocol to SSLv2.
 >
 > Our specific installation is
 >   Windows NT Workstation 4.0
 >   Apache 1.3.12 (Win32)
 >   mod_ssl 2.6.1
 >   OpenSSL 0.9.5
 > 
 > Frank Martini
 > Cadence Development
 
 Yours...
 Kevin Kiley
 CTO, Remote Communications, Inc.
 http://www.RemoteCommunications.com
 http://www.rctp.com - Online Internet Content Compression Server

Mime
View raw message