SSL and CSQamp

Hi,

I'm having trouble getting a secure server setup to work using CSQamp. Here's what I've done:

1. Installed CSQamp.

2. Created a self-signed certificate following the instructions found on http://meljr.com/~meljr/ssl_cert_Sol10.html.

3. Edited httpd.conf and ssl.conf with my server name and the locations of the key and certificate files.

4. Ran /usr/local/apache2/bin/apachectl startssl

Now, if I try a secure connection with Firefox, I get a 'connection was interrupted' message. IE seems to work, with just the usual self-signed certificate warning.

I've also noticed that I can connect successfully using '/usr/sfw/bin/openssl s_client -connect localhost:443', but if I try connecting with /opt/csw/bin/openssl, or the openssl on a Linux server, I get an ssl handshake failure.

Any clues what I might be missing?

Thanks!

-Ann

[908 byte] By [adamcika] at [2007-11-26 15:39:14]
# 1

You did not say which platform you are running on. If the Solaris Crypto Framework is being used, then the culprit is most likely the ciphersuite.

The default CipherSuite used by Firefox is TLS_DHE_RSA_WITH_AES_256_CBC_SHA in their Client Hello message. This Cipher is not supported by the crypto framework unless you have the SUNWcry* packages installed.

The solution is to edit ssl.conf thus:

SSLCipherSuite ALL:!ADH:!EXPORT56:-AES256-SHA:-DHE-RSA-AES256-SHA:-DHE-DSS-AES256-SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Shanti

shantiSa at 2007-7-8 21:57:34
# 2
Can you please post the SSLCipherSuite line or make sure that AES is disabled? If after that you still see the problem, can you dump the debug output of s_client for the failed case?

-thanks

-pallab

parametera at 2007-7-8 21:57:34
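Added example, not part of the thread: a small wrapper around `openssl s_client` that offers one cipher suite per connection, so a handshake failure can be tied to a specific suite such as the AES256 ones named above. The script, its function names and the default suite list are assumptions made for illustration; it also assumes `s_client` exits non-zero when the handshake fails.

```shell
#!/bin/sh
# Added example (not from the thread): probe a TLS server one suite at a time.
# Suite names are the OpenSSL spellings of the suites discussed above.

# probe_cipher TARGET CIPHER -> exit status 0 if the handshake completes.
probe_cipher() {
    # </dev/null lets s_client exit once the handshake has finished.
    # Assumption: s_client returns non-zero when the handshake fails.
    openssl s_client -connect "$1" -cipher "$2" </dev/null >/dev/null 2>&1
}

# probe_ciphers TARGET CIPHER... -> prints "CIPHER ok" or "CIPHER FAIL"
# for each suite and returns the number of suites that failed.
probe_ciphers() {
    target=$1
    shift
    failed=0
    for c in "$@"; do
        if probe_cipher "$target" "$c"; then
            echo "$c ok"
        else
            # FAIL can also mean the local openssl build lacks this suite.
            echo "$c FAIL"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when a target is given, e.g.: ./probe.sh localhost:443
if [ "$#" -ge 1 ]; then
    target=$1
    shift
    # Default list (assumed): the three AES256 suites removed in the
    # ssl.conf line above, plus RC4-SHA as a comparison.
    [ "$#" -gt 0 ] || set -- DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA RC4-SHA
    probe_ciphers "$target" "$@"
fi
```

Running it with each of the openssl binaries mentioned in the first post shows whether the difference between them comes down to which suites each one offers.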
# 3
Shanti,

Thank you!! I've been banging my head against the wall for weeks with no idea where to look, and this change did the trick.

We're running Solaris 10 on a v440. I'll check with the sysadmin about the ciphersuite.

Thanks again!

-Ann

adamcika at 2007-7-8 21:57:34
# 4
You are welcome. That's the reason we have the forum. Please do not bang your head for "weeks" next time around (perhaps just a couple of days!)

Shanti

shantiSa at 2007-7-8 21:57:34