[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] SSL Port 443 Issue

Subject: Re: [cobalt-security] SSL Port 443 Issue
From: "David Seaton" <david@xxxxxxxxxxx>
Date: Mon, 16 Feb 2004 03:43:08 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Thank you very much Anders,
I did a search on google which usually does a good job of searching cobalt-user but found nothing.
Perhaps I'll be a little more diligent and search the list directly.
Thanks again!


----- Original Message ----- 
From: "Anders" <andersb@xxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, February 16, 2004 2:45 AM
Subject: Re: [cobalt-security] SSL Port 443 Issue


David Seaton wrote:

> I've been having this problem with my SSL as of late and can't find anything
> useful when trying to search for a solution.
> Currently if I use SSL on my websites the URL header changes to
> http://URL:443.
>
> For example if you type in:
> https://www.seltron.com/webmail
> The browser will come out with
> http://www.seltron.com:443/webmail/
> Which I haven't determine if that is secure.
> However, I have noticed that if I type in:
> https://www.seltron.com/webmail/
> With an ending slash, there seems not to be a problem.
>
> The best I can come up with is some sort of Apache config issue.
> Has anyone ever seen this before? Any thoughts on how to solve it?

This is a known bug with the latest Apache from Sun
(apache-1.3.20-Alpine_1C14stackguard), which is broken...

It was updated with Update #16644, that has now been pulled
from BlueLinQ and the FTP servers (they do that when there
is a problem with the updates, reported by angry customers)

See instructions for rolling back to previous Apache here:
http://cobalt-forum.sun.com/forum/index.php?t=msg&th=6083

Note that this is just a workaround, and they still need to
come out with a proper patch. Perhaps tested this time ?

--anders

PS. The exact problem (and fix!) was reported three weeks ago.
    (see the cobalt-users list archives for technical details)
    Normal turnaround time is around a month, perhaps more now
    when all Cobalt engineering has been outsourced by Sun ?

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

References:
- Re: [cobalt-security] SSL Port 443 Issue
  - From: Anders

Prev by Date: Re: [cobalt-security] SSL Port 443 Issue
Next by Date: [cobalt-security] ssh listening on ports 81 & 444
Previous by thread: Re: [cobalt-security] SSL Port 443 Issue
Next by thread: Re: [cobalt-security] SSL Port 443 Issue

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index