[ale] SSL, Apache, and Windows 98

Brian Akins bakins at web.turner.com
Tue Jun 21 11:37:31 EDT 2005 

Apache 2.0.54 with ssl as dso
openssl 0.9.7g
RHAS 2.1

WIn 98 with any version  of IE gets the generic page caoont be displayed 
message.

Errors in apache log:
Tue Jun 21 11:22:09 2005] [info] Connection to child 35 established 
(server account.nascar.com:443, client 10.188.33.199)
[Tue Jun 21 11:22:09 2005] [info] SSL library error 1 in handshake 
(server account.nascar.com:443, client 10.188.33.199)
[Tue Jun 21 11:22:09 2005] [info] Connection to child 35 closed with 
abortive shutdown(server account.nascar.com:443, client 10.188.33.199)
[Tue Jun 21 11:22:09 2005] [info] Connection to child 36 established 
(server account.nascar.com:443, client 10.188.33.199)
[Tue Jun 21 11:22:09 2005] [info] Connection to child 36 closed with 
abortive shutdown(server account.nascar.com:443, client 10.188.33.199)
 


output from ssldump:

New TCP connection #5: 10.188.33.199(1493) <-> pay8rly2.turner.com(443)
5 1  0.0011 (0.0011)  C>S SSLv2 compatible client hello
   Version 3.1
   cipher suites
   TLS_RSA_WITH_RC4_128_MD5
   TLS_RSA_WITH_RC4_128_SHA
   TLS_RSA_WITH_3DES_EDE_CBC_SHA
   SSL2_CK_RC4
   SSL2_CK_3DES
   SSL2_CK_RC2
   TLS_RSA_WITH_DES_CBC_SHA
   SSL2_CK_DES
   TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
   TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
   TLS_RSA_EXPORT_WITH_RC4_40_MD5
   TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
   SSL2_CK_RC4_EXPORT40
   SSL2_CK_RC2_EXPORT40
5 2  0.0016 (0.0005)  S>C  Handshake
       ServerHello
         Version 3.1
         session_id[32]=
           7e 80 0d c5 97 8b d4 80 37 af 00 97 02 8f 42 de
           a4 45 fe 00 36 41 92 0e 1c 3a f5 04 8a 50 26 ca
         cipherSuite         TLS_RSA_WITH_RC4_128_MD5
         compressionMethod                   NULL
5 3  0.0016 (0.0000)  S>C  Handshake
       Certificate
5 4  0.0016 (0.0000)  S>C  Handshake
       ServerHelloDone
5 5  0.0062 (0.0045)  C>S  Handshake
       ClientKeyExchange
5 6  0.0062 (0.0000)  C>S  ChangeCipherSpec
5 7  0.0062 (0.0000)  C>S  Handshake
5 8  0.0070 (0.0008)  S>C  Alert
     level           fatal
     value           bad_record_mac
5    0.0073 (0.0002)  S>C  TCP FIN
5    0.0079 (0.0006)  C>S  TCP FIN
New TCP connection #6: 10.188.33.199(1494) <-> pay8rly2.turner.com(443)
Version 2 Client.
6    0.0036 (0.0036)  C>S  TCP FIN
6    0.0037 (0.0001)  S>C  TCP FIN
 



Apache config stuff:

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0
 

SSLSessionCache shm:/logs/https-relay.ssl_session_cache(512000)
SSLSessionCacheTimeout 300
SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

I have tried the following as well:

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLProtocol all -SSLv3
 


to no avail.

Seems to work on all other OS's

 



-- 
Brian Akins
Lead Systems Engineer
CNN Internet Technologies

More information about the Ale mailing list