On Tue, Mar 11, 2014 at 11:27:24PM +0100, Alessandro Ghedini wrote:
> Now, why does libcurl fails while gnutls-cli (built against libgnutls26) does
> not (not by default, anyway)? That may be a bug in libcurl, I'll look into
> this
> later.
Unfortunately apache2.4 with the "SSLProtocol -all +SSLv3" setting also
caused problems for iceweasel/firefox:
"SSL peer rejected a handshake message for unacceptable content. (Error
code: ssl_error_illegal_parameter_alert)"
Attempts to re-access the same page by hitting reload a few times are
eventually successful.
This did not occur with apache2.2, but it was so annoying to our users that
I had to go back to SSLProtocol All and risk breaking old subversion
clients.
This means you unfortunately won't be able to reproduce the problem using my
server. :(
However, the recipe seems simple enough: apache2 (2.2 or 2.4, doesn't
matter) with mod_ssl and "SSLProtocol -all +SSLv3" should be sufficient.
Andras
--
On a clear disk you can seek forever.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
