Return-Path: 
 <apache-bugdb-return-2211-apmail-apache-bugdb-archive=apache.org@apache.org>
Delivered-To: apmail-apache-bugdb-archive@apache.org
Received: (qmail 41315 invoked by uid 500); 16 Aug 2000 04:40:03 -0000
Mailing-List: contact apache-bugdb-help@apache.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
Reply-To: apache-bugdb@apache.org
list-help: <mailto:apache-bugdb-help@apache.org>
list-unsubscribe: <mailto:apache-bugdb-unsubscribe@apache.org>
list-post: <mailto:apache-bugdb@apache.org>
Delivered-To: mailing list apache-bugdb@apache.org
Received: (qmail 41267 invoked by uid 501); 16 Aug 2000 04:40:02 -0000
Date: 16 Aug 2000 04:40:02 -0000
Message-ID: <20000816044002.41266.qmail@locus.apache.org>
To: apache-bugdb@apache.org
Cc: apache-bugdb@apache.org,
From: TOKILEY@aol.com
Subject: os-windows/6420: SSL for Apache on NT does not work.
Reply-To: TOKILEY@aol.com

The following reply was made to PR os-windows/6420; it has been noted by GNATS.

From: TOKILEY@aol.com
To: new-httpd@apache.org
Cc: apbugs@apache.org, brooksrp@vallnet.com
Subject: os-windows/6420: SSL for Apache on NT does not work.
Date: Wed, 16 Aug 2000 00:34:52 EDT

 > brooksrp@vallnet.com writes...
 >
 >Subject: os-windows/6420: SSL for Apache on NT does not work.
 
 Which versions of SSL are enabled? See below about a known
 bug with Microsoft SSL handling. Not sure what your problem
 with the patch itself is. Actually.. you might not even need them.
 
 > somebody who has actually implemented Apache with SSL on NT?
 
 Frank Martini of Cadence Development is running SSL with Apache
 under Windows NT just fine. ( Again, see below ) .
 
 You are service pack 6a so that might have something to do with it. 
 Try backing off to SP 3 or 4 and limit SSL to SSLv2 and see it that does it 
 for you. You might not actually need the SSL patches at all.
 
 Here is Frank Martini's successful SSL/Apache platform...
 He is using the EXACT same versions of both Apache and
 OpenSSL that you are.
 
 >   Windows NT Workstation 4.0
 >   Apache 1.3.12 (Win32)
 >   mod_ssl 2.6.1
 >   OpenSSL 0.9.5
 
 Original post...
 
 >Subject: os-windows/6420: SSL for Apache on NT does not work.
 >Number:         6420
 >Category:       os-windows
 >Synopsis:       SSL for Apache on NT does not work.
 >Confidential:   no
 >Severity:       non-critical
 >Priority:       medium
 >Responsible:    apache
 >State:          open
 >Quarter:        
 >Keywords:       
 >Date-Required:
 >Class:          sw-bug
 >Submitter-Id:   apache
 >Arrival-Date:   Tue Aug 15 19:20:00 PDT 2000
 >Closed-Date:
 >Last-Modified:
 >Originator:     brooksrp@vallnet.com
 >Release:        1.3.12
 >Organization:
 apache
 >Environment:
 NT 4.0 SP6a, OpenSSL-0.9.5a, Apache+SSL_1.40, MS VC 6, patch 2.5.3
 >Description:
 In the last month I have spent more time attempting to apply the SSL patchs to
 Apache 1.3.12 than I spent implementing an entire vender application which 
 cost in the 6 digits.  Now I am not sure which was the most expensive.  
 The last time I contacted you, you sent me to the news groups.  Not a big 
 enough problem for a developer. I tried them with 0 results.  Apparently the 
 SSLpatchs have never been used on NT.  The problem is patch can not process 
 the SSLpatch file.  It can not find the source files to patch.  Please, give 
 me the email address of somebody who has actually implemented Apache with SSL 
 on NT.  Otherwise, I have not choice but scrap the free Apache and go with 
 one of the expensive packages like Fastrack($300) or IIS.  Both of which I 
 have already implemented on other projects.
 >How-To-Repeat:
 Uncompress the sources and run patch -p1 <SSLpatch as documented.
 >Fix:
 Throw away patch and apply the patches by hand or forget Apache.
 >Release-Note:
 >Audit-Trail:
 >Unformatted:
 
 > The following was posted on the Apache forum yesterday...
 > 08/14/00...
 
 Kevin Kiley writes...
 
 This message just appeared on the Palm.Net wireless forum
 about 5 minutes ago ( 11:40 AM CST 08/14/00 ).
 
 It concerns the 'bugginess' of SSL under Win32 when using Apache
 and mod_ssl. I believe there are some PR's about this. 
 
 The problem is NOT with Apache.
 
 Workaround seems to be limiting SSL to SSLv2.
 
 Full text of post follows...
 
 > There seems to be a bug in the Microsoft libraries on most SSL 
 > connections to certain sites. These sites have enabled multiple 
 > SSL protocols (SSLv2, SSLv3 & TLSv1). The problem (also exhibited 
 > by certain installations of IE5 on Windows & Mac) is caused by the 
 > Microsoft code switching protocols on the fly, causing data
 > decryption errors. A solution is to restrict the SSL protocol to SSLv2.
 >
 > Our specific installation is
 >   Windows NT Workstation 4.0
 >   Apache 1.3.12 (Win32)
 >   mod_ssl 2.6.1
 >   OpenSSL 0.9.5
 > 
 > Frank Martini
 > Cadence Development
 
 Yours...
 Kevin Kiley
 CTO, Remote Communications, Inc.
 http://www.RemoteCommunications.com
 http://www.rctp.com - Online Internet Content Compression Server