So in looking at the differences between ssl.conf and ssl.conf.rpmnew, in addition to my own additions for selecting cipher suites, etc, I see: 92c80 < SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 --- > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA where the 2nd line is from ssl.conf.rpmnew. Could the fact that ":!SEED:!IDEA" is missing from my ssl.conf be causing this problem? On 01/17/2016 11:36 AM, Ted To wrote: > So having run httpd -S, I can see that for port 443, > > default server theo.to (/etc/httpd/conf.d/ssl.conf:68) > > shows up (which is not right) but then shows up again: > > port 443 namevhost theo.to > (/etc/httpd/sites-enabled/theo.to.conf:7) > alias www.theo.to > > Looking in /etc/httpd/conf.d, I see that there is an ssl.conf.rpmnew. > Do I need to merge in changes from the new default configuration? > > Thanks, > Ted > > On 01/16/2016 07:44 PM, Yehuda Katz wrote: >> Maybe the updated openssl doesn't like something about your certificates. >> >> Does Apache have any warnings or notices when it starts up? >> Try running httpd -S which lists all the vhosts Apache has and see if it >> matches what you expect. >> You may also see the errors from that command (tested on RHEL 7 - not >> quite the same as Centos, but should be pretty close). >> >> - Y >> >> On Sat, Jan 16, 2016 at 3:18 PM, Ted To <ted@xxxxxxx >> <mailto:ted@xxxxxxx>> wrote: >> >> Hi, >> >> Up until roughly a week ago, my VPS web server was working properly. >> From what I can see, the only change is that nss, nss-tools, openssl and >> gnutls were updated. On Monday, Jan 11, I noticed that I was getting an >> SSL error when running "svn up". When trying to open the url in a web >> browser, the page would not open but I could open it with w3m by >> accepting the certificate -- I was directed to the default CentOS apache >> start page. The strange thing is that it only happens for a minority of >> my domains/subdomains. >> >> I am running Apache 2.4.6 on a Centos 7 box. >> >> Any thoughts/suggestions for what could be going on here? >> >> Thanks in advance! >> >> Ted To >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> <mailto:users-help@xxxxxxxxxxxxxxxx> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|