How do you do.
Since I am a Japanese, I am not so good at English.
Please allow, even if there is a strange expression.
I am sorry to be main subject suddenly.
The following phenomena have occurred by the Web server which I
manage.
The following log will be outputted to error.log of apache and apache
will stop.
(However, since it is rebooted automatically immediately, it has not
been a big problem, now.)
[Tue Feb 11 06:29:00 2003] [error] [client 61.206.119.242] client sent
HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Feb 11 06:29:08 2003] [error] mod_ssl: SSL handshake failed (server
jbank:443, client 61.206.119.242) (OpenSSL library error follows)
[Tue Feb 11 06:29:08 2003] [error] OpenSSL: error:1406908F:SSL
routines:GET_CLIENT_FINISHED:connection id is different
I knew and investigated the origin in question on the following pages.
http://www.auscert.org.au/render.html?it=2409&cid=1
Probably I think that I am the problem which has already become the
center of attention by the following threads.
[Red Hat Linux update for Linux Slapper worm]
(http://marc.theaimsgroup.com/?l=openssl-users&m=103251679904499&w=2)
Subject here was Red Hat Linux.
However, my server is WindowsNT.
(And Tomcat is 3.2.3 , Apache is 1.3.26 , mod_ssl is 2.8.10
, OpenSSL is 0.9.6d )
For the reason, it is troubled by judgment whether it is the really
same problem.
If it is coped (openSSL is upgraded to 0.9.6g or more ) with,
we have to stop a server.
It needs a serious decision.
Therefore, by upgrade to 0.9.6g or more, it can be coped with truly
or cannot have firm belief.
And I want to know whether upgrade of Tomcat,Apache and mod_ssl are
also required.
Please let me know what it should carry out,Well-informed persons.
Thanks you for your consideration.
Thanks you.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
