[LUGOS] Apache & SSL & IE blues
Gregor Ibic
gregor.ibic at intelicom.si
Wed Jul 21 09:57:32 CEST 2004
jaz bi dodal se kako verzijo protokola v config
sslv23 in sslv3 in tls
najverjetneje se ne zmenita za isti protokol
malo pocakaj da zbrskam kak config
Intelicom d.o.o.
Security software company
http://www.intelicom.si
email: info at intelicom.si
tel.: ++386 5 6309 158
fax.: ++386 5 6279 355
-----Original Message-----
From: Nejc Skoberne [mailto:nejc.skoberne at guest.arnes.si]
Sent: Wednesday, July 21, 2004 9:46 AM
To: Gregor Ibic
Subject: Re: [LUGOS] Apache & SSL & IE blues
Zdravo.
> s_client v debugu ti bo precej pokazal
< Session-ID:
---
> Session-ID:
C6AE6F06387A8E7BEC3F2749EEDD8B3189CE3ABC93CFD1E3CB750A6B922EE4BC
195c287
< Master-Key:
09D550AB9C51BB26F50AE3DC0226E55D0F3F438B441F360BDA9B10647A4840F75DEBDEF3F481
448F57D3A1499148A441
---
> Master-Key:
E167218EF0121D2F4B41BE83ABC2D14F840FF67880097040DC5CCCC64C8D8C2A42BAEF455D92
126021B33E3D69C2BFF5
197c289
< Start Time: 1090395853
---
> Start Time: 1090395790
199c291
< Verify return code: 21 (unable to verify the first certificate)
---
> Verify return code: 19 (self signed certificate in certificate chain)
Torej s_clienta sem pognal na dveh serverjih: na enemu, ki dela in na
mojemu, kjer v IE ne dela. Poleg razlik v certifikatih, se outputa
razlikujeta v Session-ID-ju (moj server vrne praznega? - zakaj?) in
Verify return codeu. Kaj se da iz tega razbrati?
> ali pa lahko kaki ssl klient / demo poberes z nase strani
> pa spremljas vzpostavljanje ssl seje
> www.intelicom.si -> datoteke -> indy ....
SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv2 write client hello A"
SSL status: "SSLv2 read server hello A"
SSL status: "SSLv2 write client master key A"
SSL status: "SSLv2 client start encryption"
SSL status: "SSLv2 write client finished A"
SSL status: "SSLv2 read server verify A"
SSL status: "SSLv2 read server finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Torej stvar izgleda da deluje.
--
Nejc Skoberne
E-mail: nejc.skoberne at guest.arnes.si
More information about the lugos-list
mailing list