[Mac_crypto] Re: Mac IE 5: Data decryption error

R. A. Hettinga mac_crypto@vmeng.com
Sat, 27 Mar 2004 10:16:20 -0500


--- begin forwarded text


Cc: <macos-x-server@lists.apple.com>
From: Andre LaBranche <andre@core.dreness.com>
Subject: Re: Mac IE 5: Data decryption error
Date: Fri, 26 Mar 2004 15:46:06 -0800
To: Randall Perry <rgp@systame.com>
Sender: macos-x-server-admin@lists.apple.com

This sounds similar to (if not identical to) the error you'll see if
you're using self-signed certificates and the cert authority has not
been imported into the client's system keychain.

It's annoying the way IE reports this. Instead of saying "this is
encrypted, but we don't trust the cert. issuer, so proceed at your own
risk", the error is much less clear, leading one to believe that the
traffic is not encrypted, when in fact the page will load, encrypted.

While we're on the topic, here's a little shell script I wrote to
import CA certs into the system keychain in 10.3. Customize to your
liking.

http://www.dreness.com/bits/install_cacert.txt

-Andre

On Mar 25, 2004, at 4:17 PM, Randall Perry wrote:

> Suddenly getting the error 'Security Failure. Data decryption error.'
> in Mac IE 5.2.3 when connecting to my apache https.
>
> Checked the error.log and saw this:
>
> [Thu Mar 25 19:14:15 2004] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
> [Thu Mar 25 19:14:15 2004] [error] System: Connection reset by peer (errno: 54)
>
> I know I tested this successfully in the past. I've got this enabled in
> httpd.conf:
>     BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
>
> HELP!
>
>
> --
> Randall Perry
> sysTame
>
> Xserve Web Hosting/Co-location
> Website Development/Promotion
> Mac Consulting/Sales
>
> http://www.systame.com/
> _______________________________________________
> macos-x-server mailing list | macos-x-server@lists.apple.com
> Help/Unsubscribe/Archives:
> http://www.lists.apple.com/mailman/listinfo/macos-x-server
> Do not post admin requests to the list. They will be ignored.

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
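
The trust-anchor behaviour described in the forwarded reply, as an added example that is not part of the original thread or Andre's script: a server certificate issued by a private CA fails verification until that CA is supplied as a trust anchor. It assumes the `openssl` command-line tool is installed; the CA name, host name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: all keys, certificates and names are generated locally in a
# temp directory; none of them come from the original thread.
set -u

# Build a throwaway private CA and a server certificate signed by it.
make_demo_pki() {
  local dir="$1"
  cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$dir/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  openssl req -new -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 2 -out "$dir/server.pem" 2>/dev/null
}

# Succeeds only if the certificate chains to a trust anchor. With no second
# argument only OpenSSL's default store is consulted, like a client that never
# imported the private CA.
client_trusts() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify "$1" >/dev/null 2>&1
  fi
}

# Verify the same server certificate before and after adding the CA as an anchor.
run_demo() {
  local dir before after
  dir=$(mktemp -d) || return 1
  make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
  client_trusts "$dir/server.pem" && before=trusted || before=untrusted
  client_trusts "$dir/server.pem" "$dir/ca.pem" && after=trusted || after=untrusted
  rm -rf "$dir"
  echo "before=$before after=$after"
}

run_demo
```

The encryption itself is identical in both cases; only the client's decision about the issuer changes once the CA is present in its trust store.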