[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] SSL Port 443 Issue
- Subject: Re: [cobalt-security] SSL Port 443 Issue
- From: Anders <andersb@xxxxxxxxxxx>
- Date: Mon, 16 Feb 2004 08:45:07 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
David Seaton wrote:
> I've been having this problem with my SSL as of late and can't find anything
> useful when trying to search for a solution.
> Currently if I use SSL on my websites the URL header changes to
> http://URL:443.
>
> For example if you type in:
> https://www.seltron.com/webmail
> The browser will come out with
> http://www.seltron.com:443/webmail/
> Which I haven't determine if that is secure.
> However, I have noticed that if I type in:
> https://www.seltron.com/webmail/
> With an ending slash, there seems not to be a problem.
>
> The best I can come up with is some sort of Apache config issue.
> Has anyone ever seen this before? Any thoughts on how to solve it?
This is a known bug with the latest Apache from Sun
(apache-1.3.20-Alpine_1C14stackguard), which is broken...
It was updated with Update #16644, that has now been pulled
from BlueLinQ and the FTP servers (they do that when there
is a problem with the updates, reported by angry customers)
See instructions for rolling back to previous Apache here:
http://cobalt-forum.sun.com/forum/index.php?t=msg&th=6083
Note that this is just a workaround, and they still need to
come out with a proper patch. Perhaps tested this time ?
--anders
PS. The exact problem (and fix!) was reported three weeks ago.
(see the cobalt-users list archives for technical details)
Normal turnaround time is around a month, perhaps more now
when all Cobalt engineering has been outsourced by Sun ?