Re: [users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

2017-02-09 Thread Mitchell Krog Photography
Your SSL config for Apache 2.4.10 should be as follows ... SSLEngine on SSLCertificateFile /path/to/signed_certificate_followed_by_intermediate_certs SSLCertificateKeyFile /path/to/private/key # Uncomment the following directive when using client certificate authentication

[users@httpd] (failed)net::ERR_SSL_PROTOCOL_ERROR in Chrome and IE

2017-02-09 Thread sadguru.ch.n.v
Hi Currently we have a setting to prompt certificate for all the URLs. SSLVerifyClient require Now we are trying to exclude error pages from the certificate prompt and we have tried something like below and it is seems to be working fine. I don't think there is any problem with the rule

[users@httpd] Logging requests and authentication in real time, not only when the request is done.

2017-02-09 Thread Jesus Cea
Apache logs the access when it is done. I have a platform where a request can take several minutes to finish because the files to transfer are huge, and I would need be able to have "snapshots" of who is connected (authentication) and to which URL. I can not wait until the request is done.

Re: [users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

2017-02-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Daniel, On 2/9/17 4:53 PM, Daniel wrote: > Try manually: > > SSLProtocol SSLv3 TLSv1 TLSv1.1 TLSv1.2 And, please, for the love of god, add these, too: SSLHonorServerOrder On SSLCipherSuite TLSv1.2:TLSv1.1:TLSv1:SSLv3 This will cause "better" cip

Re: [users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

2017-02-09 Thread Daniel
Try manually: SSLProtocol SSLv3 TLSv1 TLSv1.1 TLSv1.2 2017-02-09 17:30 GMT+01:00 Sven Crul : > Hi, > > > I switch to debian with apache 2.4.10 where I need sslv3 for backwards > compatibility with some OLD clients > > I use openssl 1.0.1t (latest stable for debian) > > > with the settings "sslp

[users@httpd] apache 2.4.10 sslv3 not offering when tls is enabled

2017-02-09 Thread Sven Crul
Hi, I switch to debian with apache 2.4.10 where I need sslv3 for backwards compatibility with some OLD clients I use openssl 1.0.1t (latest stable for debian) with the settings "sslprotocol all" in ssl.conf sslv3 is not offered with the setting "sslprotocol sslv3" in ssl.conf it works but