Hello,
anybody out there who can help me with the below mentioned problem or know a
link to a how-to guide to fix the problem ?
Your help is highly appreciated !
Thanks
Christoph
----- Original Message -----
From: "Christoph Votruba"
Hello group,
i have one serious problem with the ssl-engine (or apache itself ?) as some visitors were able to bring my box down.
i have installed the latest patches via yast on my SuSE 7.3/Apache 1.3.20 box:
apache-devel-1.3.20-70 apache-doc-1.3.20-70 apache-1.3.20-70 openssl-devel-0.9.6b-150 openssl-0.9.6b-150 mod_ssl-2.8.4-70
the error message from /var/log/httpd/error_log (repeated 100+ times):
[Mon Oct 14 10:26:09 2002] [error] [client 61.60.10.30] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
the error message from /var/log/httpd/ssl_engine_log:
[14/Oct/2002 10:26:09 20904] [info] Connection to child 57 established (server domain.com:443, client 61.60.10.30) [14/Oct/2002 10:26:09 20904] [info] Seeding PRNG with 1160 bytes of entropy [14/Oct/2002 10:26:09 20904] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [14/Oct/2002 10:26:11 20908] [info] Connection to child 61 established (server domain.com:443, client 61.60.10.30) [14/Oct/2002 10:26:11 20908] [info] Seeding PRNG with 1160 bytes of entropy [14/Oct/2002 10:26:11 20908] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [14/Oct/2002 10:26:11 20908] [info] Connection to child 61 established (server domain.com:443, client 61.60.10.30) [14/Oct/2002 10:26:11 20908] [info] Seeding PRNG with 1160 bytes of entropy [14/Oct/2002 10:26:11 20908] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?]
after that my box was down for approx. 1-2 minutes....
1) any hints to repair that ? 2) how to completely remove the above mentioned rpm packages and reinstall again ? would you recommend this ? 3) is there a script outside i could use to test my own box against buffer overflows ?