Ver Mensaje Individual
  #2 (permalink)  
Antiguo 09/03/2011, 10:48
lolocripto
 
Fecha de Ingreso: diciembre-2010
Mensajes: 79
Antigüedad: 13 años, 11 meses
Puntos: 3
Respuesta: SSLVerifyClient require falla cuando está dentro de <location>

Realmente no se puede porque es una vulnerabilidad de apache leer:

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

o

http://serverfault.com/questions/182722/client-certificate-authentication-sslv3-alert-handshake-failure-when-location-dir

Para que funcionase deberíamos poner SSLInsecureRenegotiation on

Si nos vamos al manual de apache dice lo siguiente

"...As originally specified, all versions of the SSL and TLS protocols (up to and including TLS/1.2) were vulnerable to a Man-in-the-Middle attack (CVE-2009-3555) during a renegotiation. This vulnerability allowed an attacker to "prefix" a chosen plaintext to the HTTP request as seen by the web server. A protocol extension was developed which fixed this vulnerability if supported by both client and server...."

Saludos!!!

PD: Nadie se ha encontrado con este error o qué??