Hi Daniel,

I have the SSL setup already as you have mentioned
except these two lines.

SSLVerifyClient require
SSLVerifyDepth 1

And moreover, I'm seeing this error on only one server.
In all other servers, this works perfectly fine.

Do I need to look for any machine-specific things
that could be causing the problem?

As of now, the problem has been seen only in this
configuration:

Windows 2000 Professional with Service Pack 3.

Any ideas?

Thanks,
-Alaka

--- Daniel Kimblad wrote:

> Here follows a simple full server SSL setup for
> reference.
>
> ----------------------------------------------------------
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog builtin
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout 300
>
> SSLMutex default
>
> SSLCertificateFile conf/ssl/www.yourdomain.com.crt
> SSLCertificateKeyFile conf/ssl/www.yourdomain.com.key
>
> SSLCACertificatePath conf/ssl
> SSLCACertificateFile conf/ssl/YourCA.crt
>
> SSLCARevocationFile conf/ssl/YourCA.crl
>
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLEngine on
>
> SSLVerifyClient require
> SSLVerifyDepth 1
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
>
> ----------------------------------------------------------
> This will allow connections with SSLv3 and TLSv1 from clients
> with proper certificates.
> To skip client auth just remove these two lines:
>
> ----------------------------------------------------------
>
> SSLVerifyClient require
> SSLVerifyDepth 1
>
>
> ----------------------------------------------------------
> Hope that was helpful.
>
> /Daniel, Gizmondo Studios
>
>
> ----- Original Message -----
> From: "Alaka Pathy"
> To:
> Sent: Tuesday, May 31, 2005 9:44 AM
> Subject: Getting 'no shared ciphers' while connecting to the server
>
>
> > Hi All,
> >
> > I'm using Apache 1.3.31 with mod_ssl 2.8.17 and
> > OpenSSL 0.9.7d binaries. I use RSA based self signed
> > certificates for SSL communication.
> > My httpd.conf has the following SSLCipherSuite
> > configured
> >
> > SSLSessionCacheTimeout 600
> > SSLOptions +StdEnvVars +ExportCertData
> > SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > But, in a freshly installed server, the server doesn't
> > accept any requests and I get the following errors
> > repeatedly in the Apache error log
> >
> > mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
> > [Mon May 23 13:37:43 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
> >
> > I browsed the modssl FAQ and got, that sometimes
> > regenerating certificates helps. I regenerated the
> > server certificates, but I'm still facing the same
> > issue.
> >
> > Has anybody experienced such an error? Any help is
> > appreciated.
> >
> > Thanks in advance,
> > -Alaka
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      modssl-users@modssl.org
> > Automated List Manager                            majordomo@modssl.org

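
An added example, not part of the original thread or of mod_ssl: a small triage script that pairs each "SSL handshake failed" line with the OpenSSL error line that follows it, counts failures per client, and splits the error code into library/function/reason. The sample log is constructed in the format quoted above (the timestamp prefix on the mod_ssl line and the 192.0.2.x client are assumptions), and the 2/3/3 hex-digit layout is the error packing used by OpenSSL releases of that era such as the 0.9.7d mentioned in the thread.

```python
import re
from collections import Counter

# Constructed sample log; only the addresses in the first pair come from the thread.
SAMPLE_LOG = """\
[Mon May 23 13:37:43 2005] [error] mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
[Mon May 23 13:37:43 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
[Mon May 23 13:37:50 2005] [notice] constructed unrelated line, must be ignored
[Mon May 23 13:38:02 2005] [error] mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
[Mon May 23 13:38:02 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Mon May 23 13:39:10 2005] [error] mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 192.0.2.7) (OpenSSL library error follows)
[Mon May 23 13:39:10 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
""".splitlines()

HANDSHAKE_RE = re.compile(r"mod_ssl: SSL handshake failed \(server (\S+?), client (\S+?)\)")
OPENSSL_RE = re.compile(
    r"OpenSSL: error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)(?:\s*\[Hint|$)")

def unpack_error(code_hex):
    """Split an 8-hex-digit OpenSSL error into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def summarize(lines):
    """Count failures keyed by (server, client, error code, reason text)."""
    counts = Counter()
    pending = None  # (server, client) waiting for its OpenSSL error line
    for line in lines:
        m = HANDSHAKE_RE.search(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = OPENSSL_RE.search(line)
        if m and pending:
            counts[pending + (m.group(1).upper(), m.group(4).strip())] += 1
            pending = None
    return counts

if __name__ == "__main__":
    for (server, client, code, reason), n in summarize(SAMPLE_LOG).most_common():
        lib, func, why = unpack_error(code)
        print(f"{n:3d}  {client} -> {server}  {code} "
              f"(lib=0x{lib:02X} func=0x{func:03X} reason=0x{why:03X})  {reason}")
```

Run against the logs of a working and a failing server, the per-client counts show whether every client is rejected (pointing at the server's certificate or SSLCipherSuite) or only some are.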