It works with what you suggested. Apache is running on a Linux box.
Is there something to set in Apache to resolve this?
--
Georges-Etienne Legendre, ing. jr
On 29-Jan-09, at 3:56 AM, Victor Duchovni wrote:
On Wed, Jan 28, 2009 at 09:16:18PM -0500, Georges-Etienne Legendre
wrote:
Can you help me out?
When I execute:
openssl s_client -connect 204.101.57.74:443
I'm getting this error:
47620:error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type
is not 01:rsa_pk1.c:100:
47620:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding
check
failed:rsa_eay.c:697:
47620:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
signature:s3_clnt.c:1448:
Apache 2.2.3 is handling the request, compiled with OpenSSL 0.9.8i.
It does the same if I use another certificate (self-signed). I must
be an
Apache / OpenSSL problem. From the browser (Firefox) the
certificate is
accepted.
Firefox negotiates 128-bit RC4-SHA in preference to 3DES, it probably
rates 3DES as a 112-bit cipher. While s_client rates 3DES as a 168-
bit
cipher and the server's 3DES implementation is broken. Is the server
running Apache on Windows based on Microsoft's CryptoAPI?
Try:
$ openssl s_client -cipher 'DEFAULT:!3DES' ...
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
