[lug] Occasional Apache SSL Error
bgiles at coyotesong.com
Mon Apr 25 09:28:58 MDT 2011
On Sun, Apr 24, 2011 at 11:04 PM, David L. Anselmi <anselmi at anselmi.us>wrote:
> Ben Luey wrote:
> > The default SSL logging (/var/log/apache2/ssl_access.log and
> /var/log/apache2/error.log with log
> > level warn doesn't show anything for the 'bad' traffic. No record of the
> GET request or
> > anything.
> I'd expect the server to be oblivious to the client complaining about a bad
> sig. Although the
> client calling it a "peer" seems suspicious (unless that's SSL protocol
> terminology). But the
> server ought to notice a protocol error.
That's SSL terminology since it's just a network connection.
Related: we're used to seeing server-side authentication but it's also
perfectly reasonable to require client-side authentication or mutual
authentication. Some things make more sense when you keep that in mind.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the LUG