Hi, I've secured my apache by using SSL certificates (self-signed CA) for both server and clients, and I require them to the clients in order to connect. However, I have found these entries in ssl_access.log: 110.5.109.100 - - [03/Mar/2013:16:15:56 +0100] "GET /" 400 458 "-" "-" 93.174.88.31 - - [07/Mar/2013:15:25:54 +0100] "GET /" 400 458 "-" "-" If those clients do not have the certificates (I'm sure of that), and the negotiation is supposed to be encrypted because of the SSL, how is possible that they have reached the point to do a "GET /"? Am I missing something? I thought that SSL negotiation was performed before the requesting of any page :-s Regards Felix --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|