Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] Apache & mod_SSL
  • From: Bastian Friedrich <bastian.friedrich@xxxxxx>
  • Date: Fri, 14 Jul 2000 01:05:34 +0200 (MEST)
  • Message-id: <Pine.LNX.4.21.0007140105120.9461-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi!

Eric CHAPMAN behauptete am Thu, 13 Jul 2000 um 20:58:
>
> [...]
> <IfDefine SSL>
> Listen 80
> Listen 443
> </IfDefine>
> [...]
> NameVirtualHost 123.456.78.9:80
> NameVirtualHost 123.456.78.9:443

Looks good so far.

> <VirtualHost my1st.host.org:80>
> SSLDisable

Uh? You probably wanted to use "SSLEngine off" ...
[...]
> </VirtualHost>
>
> <VirtualHost my2nd.host.org:443>
> SSLEnable

... and "SSLEngine on". I never saw "SSLDisable" and "SSLEnable" and can't
find anything about them in the docs.

[...]
> </VirtualHost>
> [...more VirtualHost:80...]

Fine. Remember, you cannot have multiple NameVirtualHosts via SSL (the
server would have to know witch host you want to connect to _before_ the
SSL handshake, but it gets the HTTP-"Host:"-Statement after the
handshake; sad enough...).

> [13/Jul/2000 23:38:24 28689] [warn] Init: (my2nd.host.org:443) You
> configured HTTP(80) on the standard HTTPS(443) port!

Yup, you are listening to port 443 with a non-ssl server (as SSLEnable
does nothing).

> then I got the 'You configured HTTP(80) on the standard HTTPS(443)
> port!' for every Virtualhost. The server will not load unless I
> comment out the 443 Host. The Apache and mod_ssl online documents have
> not been very conclusive so far...

They would have been if you had looked for "SSLEn/Disable"... Btw, the
default SuSE httpd config is quite a fine example...

Ciao,
Basti

--
Bastian Friedrich bastian@xxxxxxxxxxxxxxxxxxxx
Adress & Fon available on my HP http://www.bastian-friedrich.de/
\-----------------------------------------------------------------\
\ Funny off-topic messages are always on-topic.


< Previous Next >
Follow Ups
References