I've setup the latest version of CalendarServer on Wheezy and everything works fine with the exception of SSL functionality. The public, private and CA cert files are configured as described in the default configuration and they are accessible by CalendarServer. Nothing can connect to the SSL port, and neither the access or error logs show anything. Phython2.7 is listening on the SSL port. The only thing I could get was from Firefox giving the error: (Error code: ssl_error_no_cypher_overlap). I tried setting the SSLChiphers key to ALL in caldavd.plist but nothing happened.
Hi, A great SSL resource is the "OpenSSL Command-line Howto", which you can find here: http://www.madboa.com/geek/openssl/ In particular, try this command, and please respond with the output: openssl s_client -connect yourserver:8443 You could also be dealing with a TLS version mismatch. The output from the openssl command above will tell us which cipher and TLS version is used upon a successful connection. -dre On Mar 9, 2014, at 4:23 PM, m@ainc.be wrote:
I've setup the latest version of CalendarServer on Wheezy and everything works fine with the exception of SSL functionality. The public, private and CA cert files are configured as described in the default configuration and they are accessible by CalendarServer. Nothing can connect to the SSL port, and neither the access or error logs show anything. Phython2.7 is listening on the SSL port. The only thing I could get was from Firefox giving the error: (Error code: ssl_error_no_cypher_overlap). I tried setting the SSLChiphers key to ALL in caldavd.plist but nothing happened. _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendarserver-users
On 10.03.2014 00:23, m@ainc.be wrote:
I've setup the latest version of CalendarServer on Wheezy and everything works fine with the exception of SSL functionality. The public, private and CA cert files are configured as described in the default configuration and they are accessible by CalendarServer. Nothing can connect to the SSL port, and neither the access or error logs show anything. Phython2.7 is listening on the SSL port. The only thing I could get was from Firefox giving the error: (Error code: ssl_error_no_cypher_overlap). I tried setting the SSLChiphers key to ALL in caldavd.plist but nothing happened. _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendarserver-users
Hi m@ainc.be we had also problems with SSL and calendarserver 3 under Wheezy. It all was solved when we added the server certificate also the the chain certificate: - SSLCertificate => single server cert - SSLAuthorityChain => server cert, issuing/intermediate cert(s), root cert (with "cat >> chain-file") Give it a try, our SSL works fine now, without any cipher settings best regards, Radim
Thank you for the reply, very much appreciated. The issue is fixed (after changing SSLAuthorityChain as suggested). Many thanks, ------ Original Message ------ From: "R.Sv." <rsv@balsec.com> To: calendarserver-users@lists.macosforge.org Sent: 11/03/2014 4:02:29 AM Subject: Re: [CalendarServer-users] SSL Ciphers
On 10.03.2014 00:23, m@ainc.be wrote:
I've setup the latest version of CalendarServer on Wheezy and everything works fine with the exception of SSL functionality. The public, private and CA cert files are configured as described in the default configuration and they are accessible by CalendarServer. Nothing can connect to the SSL port, and neither the access or error logs show anything. Phython2.7 is listening on the SSL port. The only thing I could get was from Firefox giving the error: (Error code: ssl_error_no_cypher_overlap). I tried setting the SSLChiphers key to ALL in caldavd.plist but nothing happened. _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendarserver-users
Hi m@ainc.be
we had also problems with SSL and calendarserver 3 under Wheezy. It all was solved when we added the server certificate also the the chain certificate: - SSLCertificate => single server cert - SSLAuthorityChain => server cert, issuing/intermediate cert(s), root cert (with "cat >> chain-file")
Give it a try, our SSL works fine now, without any cipher settings
best regards, Radim _______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendarserver-users
participants (3)
-
Andre LaBranche
-
m@ainc.be
-
R.Sv.