Ezproxy Ssl Error
Contents |
EZproxy Security FAQ EZproxy Security FAQ The following FAQ provide details about EZproxy V5.7.44 and before. For the most up-to-date information on EZproxy security issues, see EZproxy & OpenSSL and SSL Configuration. There are many SSL/TLS-related ezproxy import existing ssl certificate configuration options in EZproxy. When do I use Option EnableSSLv3, Option DisableSSLv2, and SSLCipherSuite? ezproxy sslciphersuite By default, EZproxy V5.7.44 disables SSL 3 and enables SSL2; however it also supports TLS 1.0. These config.txt statements control the ezproxy tls SSL/TLS options your instance of EZproxy will use. Option EnableSSLv3 SSL 2 and SSL 3 are older protocol definitions that normally should not be used. We provide the ability to use them since some legacy
Ezproxy Proxy By Port
environments may need them. If you are using an environment that requires SSL 3, you can force EZproxy to use this protocol by entering the following statement before an LoginPortSSL statements in your config.txt file: Option EnableSSLv3 For more details on SSL 2 and SSL 3, please see http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0. This article also describes transport level security (TLS), the successor to SSL 2 and SSL 3. Option DisableSSLv2 By default, EZproxy V5.7.44 ezproxy ssl certificate renewal disables SSL 3 and enables SSL 2. Because EZproxy V5.7.44 supports TLS 1.0 for client to webserver interactions, OCLC recommends that you also disable SSL 2 in addition to the default-disabled SSL 3.To do this, place the following statement before any LoginPortSSL statements in your config.txt file: Option DisableSSLv2 After disabling SSL 2 and retaining the default setting of disabled SSL 3, your EZproxy will default to TLS 1.0. EZproxy V6.0 will have the same SSL/TLS settings as V5.7.44. EZproxy V6.1 will be built with OpenSSL V1.x, and we plan to support TLS 1.1 and 1.2 with this build. EZproxy 6.1 will disable both SSL 3 and SSL 2 by default. SSLCipherSuite SSLCipherSuite offers finer grain control over SSL/TLS options. We use OpenSSL as our security library layer, and SSLCipherSuite options are passed directly to OpenSSL for processing. EZproxy V5.7.44 supports all of the cipher settings defined by http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS. SSLCipherSuite was introduced with the first V5.7 release. OCLC recommends updating to V5.7.44 if you use SSLCipherSuite. For more details about how to use SSLCipherSuite, see FAQ 2: Give me some details on SSLCipherSuite. Give me some details on SSLCipherSuite If SSLCipherSuite is present in config.txt, and no values are defined for this directive, EZproxy defaults to the values: SSLCipherSuite HIGH:MEDIUM:L
updates and offers Support & Training home EZproxy Documentation Troubleshooting Troubleshooting Common Problems This is a general list of issues to check when troubleshooting problems with proxying databases. You should option ignorewildcardcertificate try each suggestion in order, and after making each change, perform the
Ezproxy Ignorewildcardcertificate
Retest Procedure. Retest Procedure After making each of the changes suggested below, you will need to retest. Each time
Ezproxy Proxy By Hostname
you retest, you should: Close all browser windows Relaunch your browser Clear your browser cache Connect to the database and retest 0. First place to look: messages.txt If EZproxy is noticing https://www.oclc.org/support/services/ezproxy/faq/ezproxy-security-faq.en.html any issues, it will record error messages to the messages.txt file. If anything is wrong, the first place you should check is toward the end of this file. If you are able to log into EZproxy, you should be able to use the information at EZproxy Administration to create an administrative account and log into your EZproxy administration page where there are https://www.oclc.org/support/services/ezproxy/documentation/troubleshooting.en.html options to view this file. If you cannot access the administration page, you can view this file with a text editor or on Linux and Solaris with the tail command. 1. "Page not found," "Cannot find server or DNS," or remote browser waits and waits When users receive these errors in their browsers, it normally indicates to firewall or DNS issues. 1.a. Proxy by port has worked for awhile, but gives this error to all remote users for certain databases, particularly new databases If you have been successfully using EZproxy in proxy by port for awhile, but suddenly certain databases, particularly new databases, start exhibiting this behavior, the most common cause is a firewall configuration issue at your site. If you are using EZproxy 3.2b (2005-04-03) or later, you can use the Test Network Connectivity option on the administration page to test for this condition. In the most typical scenario, you install EZproxy with a default MaxVirtualHosts of 200, and your firewall administrator allows incoming access on ports 2048 and 2050-2252. You start seeing MaxVirtualHosts errors, so you increase MaxVirtualHosts to 300. The MaxVirtualHosts error
page content. Search Support & Training Contact OCLC Support System Alerts Librarian's Toolbox Bibliographic Formats and Standards Directory of OCLC Libraries System alerts Online Service Center More » Product Support Training https://www.oclc.org/support/services/ezproxy/release-notes.en.html Software & Reports Ordering & Billing Settings Menu Search Support & Training home EZproxy Documentation EZproxy Documentation Known Issues EZproxy Release Notes EZproxy Changes Archive Frequently Asked Questions Training EZproxy feeds Connect with fellow WorldShare users in the OCLC Community Center View demo Upgrade to EZproxy 6.1.13 Subscribe to OCLC updates and offers EZproxy Release Notes Release Notes for EZproxy V6.1 and later can ezproxy ssl be downloaded as PDFs. See EZproxy Changes Archive for all changes made prior to V6.0 (through V5.7.44). Version 6 Product Release Notes EZproxy v6.1 Release Notes EZproxy v6.1.10 Release Notes EZproxy v6.1.13 Release Notes EZproxy v6.1.16 Release Notes 2015-05-05 EZproxy changes for Version 6.0.8 Download EZproxy V6.0.8 here. Configuration Updates In EZproxy V6.0, CSS files were not being re-written by EZproxy. This issue has ezproxy proxy by been resolved. Mimetype “json” has been added to the default list of objects rewritten by EZproxy. Any stanzas that previously required the directive Mimefilter json to be added will no longer require this statement. However, it will not do any harm if you leave it in those stanzas that already have it. You don’t have to take it out, but you won’t need to add it. EZproxy can now send custom headers along with the requests that it sends to content providers using the Option AddHeader directive. config.txt directive: Option AddHeader name expression name The HTTP header key for EZproxy to send to the host (typically the content provider). This parameter cannot contain any spaces. expression An EZproxy expression, which will be evaluated by EZproxy and sent as the HTTP Header’s corresponding value. This may contain spaces. This is a position-specific parameter that can be set for individual databases. Place it within a database definition stanza, after the Title statement, for it to take effect for that stanza. Example: AddHeader X-TEST session:sessionid . ";" . IP() In this example, EZproxy sends a header with the name, X-TEST, to the content provider.