https://bz.apache.org/bugzilla/show_bug.cgi?id=69421
Bug ID: 69421
Summary: SSLVerifyClient require + TLS 1.3 = Cannot perform
Post-Handshake Authentication
Product: Apache httpd-2
Version: 2.4.62
Hardware: Macintosh
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hello,
I just installed a fresh server, running debian 12 (comes with Apache 2.4.62),
and I have a page protected with client certificate.
1- When I try to access the page using a browser (Safari on recent macOS) I
have "You don't have permission to access this resource.Reason: Cannot perform
Post-Handshake Authentication."
In log, the following error is logged:
[Thu Oct 31 18:53:19.591300 2024] [ssl:error] [pid 2740:tid 2777] [client
83.202.xx.xx:62955] AH10158: cannot perform post-handshake authentication
[Thu Oct 31 18:53:19.591499 2024] [ssl:error] [pid 2740:tid 2777] SSL Library
Error: error:0A000117:SSL routines::extension not received
I've also run tests using curl, it returns the same error until I use
"--tls-max 1.2" arg to force 1.2.
2- I've also tried to disable TLS 1.3, on Apache side, to perform some tests,
but the following directive didn't disable it
"SSLProtocol -all +TLSv1.2 +TLSv1.1"
Are those two behaviors normal?
Thanks
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
