Article delegate-en/443 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Problems with SSLway + Netscape 4.04 + 1024 bit RSA server key || SSL3
08 May 1999 02:33:57 GMT pxmaqbdyi-e6yeroaerylr.ml@ml.delegate.org




Dear Sir,

I am writing to thank you for a marvellous product in DeleGate  5.9.1.

I would like to use it as to allow SSL clients to access a bare HTTP server
(called //external) with this config

HERE=`pwd`
export SSL_SERVER_KEY_FILE; SSL_SERVER_KEY_FILE=$HERE/server-key.pem
export SSL_SERVER_CERT_FILE; SSL_SERVER_CERT_FILE=$HERE/server-cert.pem
$HERE/src/delegated \
        -PPericles.IPAustralia.gov.au:443 \
        RELIABLE="*" \
        DGROOT=/usr/local/delegate \
        SERVER=https \
        MOUNT="/* http://external/*" \
        FCL="$HERE/filters/sslway -ac"

The DeleGate Host is FreeBSD 2.2.8-STABLE, the SSLeay version 0.9.0b.

When I have a 1024 bit key in the Servers key file and certificate, Netscape
will not connect to
Delegate with SSL v3.

If I reduce the key lenght to 512 bits Netscape will connect.

Here are the SSLway messages on connection failure

05/08 10:39:16.83 [2420] 10+0: #### execFilter[FCL] /usr/home/anwsmh/build/deleg
ate5.9.1/filters/sslway -ac
## SSLway[2421](scorch.dynamite.com.au) start
## SSLway[2421](scorch.dynamite.com.au) accept failed
2421:error:1409B0AB:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:missing tmp rsa k
ey:s3_srvr.c:926:
05/08 10:39:17.14 [2419] 10+0: HTTP empty_request ? from scorch.dynamite.com.au
(1)

Whereas the log messages for SSL v2 or a 512 bit server key

## SSLway[2913](Pericles.IPAustralia.gov.au) start
## SSLway[2913](Pericles.IPAustralia.gov.au) accepted
## SSLway[2913](Pericles.IPAustralia.gov.au) client's cert. = NONE
## SSLway[2913](Pericles.IPAustralia.gov.au) done

You have built a top product. Thank you very much.

Yours sincerely.

Stanley Hopcroft

IP Australia

PS You are welcome to use the DeleGate on Pericles.IPAustralia.gov.au.






  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V