https://bz.apache.org/bugzilla/show_bug.cgi?id=62413
--- Comment #2 from Dennis Clarke <[email protected]> ---
Reasonable idea however using "SSLProtocol All" now allows TLS 1.0 and TLS 1.1
and also TLS 1.2 but nothing for TLS 1.3 :

$ /usr/local/bin/openssl s_client -connect www.tls13.net:443 -tls1_3

no connection at all.

However TLS 1.2 is fine :

$ /usr/local/bin/openssl s_client -connect www.tls13.net:443 -tls1_2
CONNECTED(00000004)
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:CN = *.tls13.net
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
.
.
.
-----END CERTIFICATE-----
subject=CN = *.tls13.net
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3396 bytes and written 309 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
.
.
.
etc etc etc

I get similar responses using -tls1_1 and just -tls1 and in every case the
exact same cipher ECDHE-RSA-AES256-SHA.
