From lcohen at novetta.com Fri Jul 24 19:37:30 2015
From: lcohen at novetta.com (Cohen, Laurence)
Date: Fri, 24 Jul 2015 15:37:30 -0400
Subject: [Mod_nss-list] Error 413
Message-ID:

Hi,

We recently updated our servers with mod_nss, from mod_ssl. Once we did
this, when we try to upload large files we get an http error code 413
with the following text.

Request Entity Too Large

The requested resource
/dse/submissions/100103046/add_file
does not allow request data with POST requests, or the amount of data
provided in the request exceeds the capacity limit.

I've tried updating the LimitRequestBody parameter to 0 which had no
effect. I also am looking for the syntax for SSLRenegBufferSize
parameter in the nss.conf file because this parameter does not work in
nss.conf as is.

Does anyone have any advice as to how to get past this problem? Does
anyone know how to convert SSLRenegBufferSize for use in nss.conf?

Thank you,

Larry Cohen

From rcritten at redhat.com Fri Jul 24 20:09:46 2015
From: rcritten at redhat.com (Rob Crittenden)
Date: Fri, 24 Jul 2015 16:09:46 -0400
Subject: [Mod_nss-list] Error 413
In-Reply-To:
References:
Message-ID: <55B29B8A.4020704@redhat.com>

Cohen, Laurence wrote:
> Hi,
>
> We recently updated our servers with mod_nss, from mod_ssl. Once we did
> this, when we try to upload large files we get an http error code 413
> with the following text.
>
>
> Request Entity Too Large
>
> The requested resource
> /dse/submissions/100103046/add_file
> does not allow request data with POST requests, or the amount of data
> provided in the request exceeds the capacity limit.
>
> I've tried updating the LimitRequestBody parameter to 0 which had no
> effect. I also am looking for the syntax for SSLRenegBufferSize
> parameter in the nss.conf file because this parameter does not work in
> nss.conf as is.
>
> Does anyone have any advice as to how to get past this problem? Does
> anyone know how to convert SSLRenegBufferSize for use in nss.conf?

There is a bugzilla for it, 1214366.

I have a candidate fix in my tree but haven't pushed it yet. I'll attach
the patch in case you want to give it a go.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-RenegBufferSize-option.patch
Type: text/x-diff
Size: 7356 bytes
Desc: not available
URL:

From lcohen at novetta.com Fri Jul 24 20:19:00 2015
From: lcohen at novetta.com (Cohen, Laurence)
Date: Fri, 24 Jul 2015 16:19:00 -0400
Subject: [Mod_nss-list] Error 413
In-Reply-To: <55B29B8A.4020704@redhat.com>
References: <55B29B8A.4020704@redhat.com>
Message-ID:

Ok, thanks much!

On Fri, Jul 24, 2015 at 4:09 PM, Rob Crittenden wrote:

> Cohen, Laurence wrote:
>
>> Hi,
>>
>> We recently updated our servers with mod_nss, from mod_ssl. Once we did
>> this, when we try to upload large files we get an http error code 413
>> with the following text.
>>
>>
>> Request Entity Too Large
>>
>> The requested resource
>> /dse/submissions/100103046/add_file
>> does not allow request data with POST requests, or the amount of data
>> provided in the request exceeds the capacity limit.
>>
>> I've tried updating the LimitRequestBody parameter to 0 which had no
>> effect. I also am looking for the syntax for SSLRenegBufferSize
>> parameter in the nss.conf file because this parameter does not work in
>> nss.conf as is.
>>
>> Does anyone have any advice as to how to get past this problem? Does
>> anyone know how to convert SSLRenegBufferSize for use in nss.conf?
>>
>
> There is a bugzilla for it, 1214366.
>
> I have a candidate fix in my tree but haven't pushed it yet. I'll attach
> the patch in case you want to give it a go.
>
> rob
>

--
Larry Cohen
System Administrator
12021 Sunset Hills Road, Suite 400
Reston, VA 20190
Email lcohen at novetta.com
Office 703-885-1064

From albert.l.smith12.ctr at mail.mil Wed Jul 29 19:13:22 2015
From: albert.l.smith12.ctr at mail.mil (Smith, Albert L CTR OSD OUSD ATL (US))
Date: Wed, 29 Jul 2015 19:13:22 +0000
Subject: [Mod_nss-list] - TLSv1_1 and TLSv1_2
Message-ID:

Hello

I'm having trouble with my RHEL5 apache/mod_nss (running current patch levels) and using TLSv1_1 and TLSv1_2.

To disable all SSL versions and use only TLS my directive is the following (entered in both server and virtualhost areas):
NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2

I have no trouble successfully using TLSv1 but get protocol errors when I attempt to force a connection using TLSv1_1 or TLSv1_2 (I see the errors in a wireshark/tcpdump analysis).
I believe the underlying libraries 'libnss_*' support the versions but not sure if mod_nss does.

Thank you for your attention,
-Albert Smith
Infrastructure Team
OUSD(AT&L) eBusiness Center
703 571-3015

From rcritten at redhat.com Wed Jul 29 19:22:11 2015
From: rcritten at redhat.com (Rob Crittenden)
Date: Wed, 29 Jul 2015 15:22:11 -0400
Subject: [Mod_nss-list] - TLSv1_1 and TLSv1_2
In-Reply-To:
References:
Message-ID: <55B927E3.2060400@redhat.com>

Smith, Albert L CTR OSD OUSD ATL (US) wrote:
> Hello
>
> I'm having trouble with my RHEL5 apache/mod_nss (running current patch levels) and using TLSv1_1 and TLSv1_2.
>
> To disable all SSL versions and use only TLS my directive is the following (entered in both server and virtualhost areas):
> NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
>
> I have no trouble successfully using TLSv1 but get protocol errors when I attempt to force a connection using TLSv1_1 or TLSv1_2 (I see the errors in a wireshark/tcpdump analysis).
> I believe the underlying libraries 'libnss_*' support the versions but not sure if mod_nss does.
>
> Thank you for your attention,

mod_nss on EL 5 doesn't support TLSv1.1 or 1.2. You could try opening a
support case with Red Hat and ask for it to be backported.

rob
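
An added example, not part of the original thread and not mod_nss code: a small decoder for the first TLS record a server returns, which is the packet to read in the wireshark/tcpdump capture mentioned above when a forced TLSv1.1 or TLSv1.2 connection fails. The function names and the sample byte strings are constructed for illustration, not captured from a real server.

```python
import struct

# TLS record-layer values from RFC 5246; only the ones this check needs.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}


def describe_server_reply(data: bytes) -> dict:
    """Decode the first TLS record a server sends after a ClientHello."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    if ctype == 21 and length >= 2:  # alert: level(1) + description(1)
        return {"kind": "alert", "fatal": body[0] == 2,
                "description": ALERTS.get(body[1], f"alert_{body[1]}")}
    if ctype == 22 and length >= 6 and body[0] == 2:  # handshake, ServerHello
        # Handshake header is type(1) + length(3); server_version follows.
        (version,) = struct.unpack("!H", body[4:6])
        return {"kind": "server_hello", "version": VERSIONS.get(version, hex(version))}
    return {"kind": "other", "content_type": ctype}


def diagnose(data: bytes, requested: str) -> str:
    """Say whether the server accepted the protocol version the client forced."""
    reply = describe_server_reply(data)
    if reply["kind"] == "alert":
        return f"server refused {requested}: {reply['description']}"
    if reply["kind"] == "server_hello":
        if reply["version"] == requested:
            return f"server negotiated {requested}"
        return f"server chose {reply['version']}, not {requested}"
    return "first record is neither an alert nor a ServerHello"


def _server_hello(version: int) -> bytes:
    """Build a minimal ServerHello record (constructed sample, zeroed random)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


# Constructed samples, not captured traffic.
SAMPLE_ALERT = bytes.fromhex("15030100020246")   # fatal alert, protocol_version
SAMPLE_HELLO_TLS10 = _server_hello(0x0301)        # server answers with TLSv1.0

if __name__ == "__main__":
    print(diagnose(SAMPLE_ALERT, "TLSv1.2"))
    print(diagnose(SAMPLE_HELLO_TLS10, "TLSv1.2"))
```

A server that caps at TLSv1.0 shows up either as a ServerHello carrying version 0x0301 or as an alert record, and both cases are distinguishable from the first few bytes of its reply.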