[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-ssl
Subject:    Re: [apache-ssl] Explorer Cipher Strenght = 56
From:       "Rob Winningham" <Rob_Winningham () rayberndtson ! com>
Date:       2000-12-15 15:32:08
[Download RAW message or body]



> HI!
>  I have ssl certificate from Telia on my page . When I want to connect
> to this page from Internet Explorer ( 56 bits key ) , it can't connect .
> When I upgrade IE to 128 bits everything is ok . Is it possibly to force
> apache ( mod_ssl ) to connect with browser ( which only support 56 bits
> ) , and connect 128 with other one .
>
> Regards
>
> Maciej Bogucki, Network Administrator

I had a similar problem on a Digital Alpha (Tru64 4.0f).  It had to do with the
random device I was using.  Until apache_ssl 1.41, the entropy gathering device
was not supported, and since Tru64 doesn't have a random device, I had to write
my own.  I tried using egd, but I had results identical to yours.

In order to do so, you must have an SSLRandomFile or SSLRandomFilePerConnection
directive in your .conf.  Here's the urls to the docs.

http://www.apache-ssl.org/docs.html#SSLRandomFile
http://www.apache-ssl.org/docs.html#SSLRandomFilePerConnection

Here's an example:

SSLRandomFile /dev/random 1024
SSLRandomFilePerConnection /dev/random 1024

If I'm not mistaken, since OpenSSL 0.9.5a, these directives are mandatory.  If
you don't have a random (or urandom) device on your server, you can use egd.
If you do use egd, be sure to use apache_ssl 1.41.  Also, the syntax is a
little different for egd than for random:

SSLRandomFile egd /etc/entropy 1024
SSLRandomFilePerConnection egd /etc/entropy 1024

==Rob==



-----------------------------------------------------------------------------------
to unsubscribe, send a blank email to: apache-ssl-unsubscribe@lists.aldigital.co.uk

[prev in list] [next in list] [prev in thread] [next in thread]