Hi,
I've secured my apache by using SSL certificates (self-signed CA) for both server
and clients, and I require them to the clients in order to connect. However, I
have found these entries in ssl_access.log:
110.5.109.100 - - [03/Mar/2013:16:15:56 +0100] "GET /" 400 458 "-" "-"
93.174.88.31 - - [07/Mar/2013:15:25:54 +0100] "GET /" 400 458 "-" "-"
If those clients do not have the certificates (I'm sure of that), and the
negotiation is supposed to be encrypted because of the SSL, how is possible that
they have reached the point to do a "GET /"? Am I missing something? I thought
that SSL negotiation was performed before the requesting of any page :-s
Regards
Felix
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|