[neon] [Bug 416698] New: Apache2 and HTTPS queies do'nt work on KDE Neon 5.17

Fri, 24 Jan 2020 08:06:27 -0800 

https://bugs.kde.org/show_bug.cgi?id=416698

            Bug ID: 416698
           Summary: Apache2 and HTTPS queies do'nt work on KDE Neon 5.17
           Product: neon
           Version: unspecified
          Platform: Neon Packages
                OS: Linux
            Status: REPORTED
          Severity: grave
          Priority: NOR
         Component: general
          Assignee: neon-b...@kde.org
          Reporter: dev.fire...@vitalnet.fr
                CC: j...@jriddell.org, neon-b...@kde.org, sit...@kde.org
  Target Milestone: ---

SUMMARY

On KDE-Neon 5.17 with Apache/2.4.29 (Ubuntu) and OpenSSL 1.1.1d 10 Sep 2019,
the request HTTPS don't work

STEPS TO REPRODUCE
1. openssl s_client -debug -connect workdev01.org.fr:443  on KDE Neon
2. openssl s_client -debug -connect serverdevxn01.org.fr:443 on Ubuntu 18.04
with the same Apache configurations and components

OBSERVED RESULT

openssl s_client -debug -connect workdev01.org.fr:443
CONNECTED(00000003)
write to 0x162d080 [0x163cf10] (317 bytes => 317 (0x13D))
0000 - 16 03 01 01 38 01 00 01-34 03 03 96 b8 f6 ab be ....8...4.......
0010 - 6f 64 b7 6c 76 2e 5d b1-7c c5 b8 c5 65 24 3e f7 od.lv.].|...e$>.
0020 - 0b 16 eb fc 64 b6 3d 30-db 6b 5c 20 ed b5 57 21 ....d.=0.k\ ..W!
0030 - b5 be 5c 3b 50 fc 83 77-59 97 30 67 87 5b b3 cd ..\;P..wY.0g.[..
0040 - 1a b7 e8 d2 52 fc c9 2f-64 d1 23 35 00 3e 13 02 ....R../d.#5.>..
0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa .....,.0........
0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27 .+./...$.(.k.#.'
0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d .g.....9.....3..
0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 ad ...=.<.5./......
read from 0x162d080 [0x1633cf3] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f HTTP/
140225635791936:error:1408F10B:SSL routines:ssl3_get_record:wrong version
number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 317 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x162d080 [0x1621eb0] (8192 bytes => 484 (0x1E4))
0000 - 31 2e 31 20 34 30 30 20-42 61 64 20 52 65 71 75 1.1 400 Bad Requ
0010 - 65 73 74 0d 0a 44 61 74-65 3a 20 46 72 69 2c 20 est..Date: Fri,
0020 - 32 34 20 4a 61 6e 20 32-30 32 30 20 31 35 3a 32 24 Jan 2020 15:2
0030 - 39 3a 35 31 20 47 4d 54-0d 0a 53 65 72 76 65 72 9:51 GMT..Server
0040 - 3a 20 41 70 61 63 68 65-2f 32 2e 34 2e 32 39 20 : Apache/2.4.29
0050 - 28 55 62 75 6e 74 75 29-0d 0a 43 6f 6e 74 65 6e (Ubuntu)..Conten
0060 - 74 2d 4c 65 6e 67 74 68-3a 20 33 30 37 0d 0a 43 t-Length: 307..C
0070 - 6f 6e 6e 65 63 74 69 6f-6e 3a 20 63 6c 6f 73 65 onnection: close
0080 - 0d 0a 43 6f 6e 74 65 6e-74 2d 54 79 70 65 3a 20 ..Content-Type:
0090 - 74 65 78 74 2f 68 74 6d-6c 3b 20 63 68 61 72 73 text/html; chars
00a0 - 65 74 3d 69 73 6f 2d 38-38 35 39 2d 31 0d 0a 0d et=iso-8859-1...
00b0 - 0a 3c 21 44 4f 43 54 59-50 45 20 48 54 4d 4c 20 .<!DOCTYPE HTML
00c0 - 50 55 42 4c 49 43 20 22-2d 2f 2f 49 45 54 46 2f PUBLIC "-//IETF/
00d0 - 2f 44 54 44 20 48 54 4d-4c 20 32 2e 30 2f 2f 45 /DTD HTML 2.0//E
00e0 - 4e 22 3e 0a 3c 68 74 6d-6c 3e 3c 68 65 61 64 3e N">.<html><head>
00f0 - 0a 3c 74 69 74 6c 65 3e-34 30 30 20 42 61 64 20 .<title>400 Bad
0100 - 52 65 71 75 65 73 74 3c-2f 74 69 74 6c 65 3e 0a Request</title>.
0110 - 3c 2f 68 65 61 64 3e 3c-62 6f 64 79 3e 0a 3c 68 </head><body>.<h
0120 - 31 3e 42 61 64 20 52 65-71 75 65 73 74 3c 2f 68 1>Bad Request</h
0130 - 31 3e 0a 3c 70 3e 59 6f-75 72 20 62 72 6f 77 73 1>.<p>Your brows
0140 - 65 72 20 73 65 6e 74 20-61 20 72 65 71 75 65 73 er sent a reques
0150 - 74 20 74 68 61 74 20 74-68 69 73 20 73 65 72 76 t that this serv
0160 - 65 72 20 63 6f 75 6c 64-20 6e 6f 74 20 75 6e 64 er could not und
0170 - 65 72 73 74 61 6e 64 2e-3c 62 72 20 2f 3e 0a 3c erstand.<br />.<
0180 - 2f 70 3e 0a 3c 68 72 3e-0a 3c 61 64 64 72 65 73 /p>.<hr>.<addres
0190 - 73 3e 41 70 61 63 68 65-2f 32 2e 34 2e 32 39 20 s>Apache/2.4.29
01a0 - 28 55 62 75 6e 74 75 29-20 53 65 72 76 65 72 20 (Ubuntu) Server
01b0 - 61 74 20 66 72 66 31 31-32 78 2e 73 61 63 64 2e at frf112x.sacd.
01c0 - 66 72 20 50 6f 72 74 20-38 30 3c 2f 61 64 64 72 fr Port 80</addr
01d0 - 65 73 73 3e 0a 3c 2f 62-6f 64 79 3e 3c 2f 68 74 ess>.</body></ht
01e0 - 6d 6c 3e 0a ml>.
read from 0x162d080 [0x1621eb0] (8192 bytes => 0 (0x0))


EXPECTED RESULT

openssl s_client -debug -connect workdev01.org.fr:443
CONNECTED(00000003)
write to 0x162d080 [0x163cf10] (317 bytes => 317 (0x13D))
0000 - 16 03 01 01 38 01 00 01-34 03 03 96 b8 f6 ab be ....8...4.......
0010 - 6f 64 b7 6c 76 2e 5d b1-7c c5 b8 c5 65 24 3e f7 od.lv.].|...e$>.
0020 - 0b 16 eb fc 64 b6 3d 30-db 6b 5c 20 ed b5 57 21 ....d.=0.k\ ..W!
0030 - b5 be 5c 3b 50 fc 83 77-59 97 30 67 87 5b b3 cd ..\;P..wY.0g.[..
0040 - 1a b7 e8 d2 52 fc c9 2f-64 d1 23 35 00 3e 13 02 ....R../d.#5.>..
0050 - 13 03 13 01 c0 2c c0 30-00 9f cc a9 cc a8 cc aa .....,.0........
0060 - c0 2b c0 2f 00 9e c0 24-c0 28 00 6b c0 23 c0 27 .+./...$.(.k.#.'
0070 - 00 67 c0 0a c0 14 00 39-c0 09 c0 13 00 33 00 9d .g.....9.....3..
0080 - 00 9c 00 3d 00 3c 00 35-00 2f 00 ff 01 00 00 ad ...=.<.5./......
read from 0x162d080 [0x1633cf3] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f HTTP/
140225635791936:error:1408F10B:SSL routines:ssl3_get_record:wrong version
number:../ssl/record/ssl3_record.c:332:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 317 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x162d080 [0x1621eb0] (8192 bytes => 484 (0x1E4))
0000 - 31 2e 31 20 34 30 30 20-42 61 64 20 52 65 71 75 1.1 400 Bad Requ
0010 - 65 73 74 0d 0a 44 61 74-65 3a 20 46 72 69 2c 20 est..Date: Fri,
0020 - 32 34 20 4a 61 6e 20 32-30 32 30 20 31 35 3a 32 24 Jan 2020 15:2
0030 - 39 3a 35 31 20 47 4d 54-0d 0a 53 65 72 76 65 72 9:51 GMT..Server
0040 - 3a 20 41 70 61 63 68 65-2f 32 2e 34 2e 32 39 20 : Apache/2.4.29
0050 - 28 55 62 75 6e 74 75 29-0d 0a 43 6f 6e 74 65 6e (Ubuntu)..Conten
0060 - 74 2d 4c 65 6e 67 74 68-3a 20 33 30 37 0d 0a 43 t-Length: 307..C
0070 - 6f 6e 6e 65 63 74 69 6f-6e 3a 20 63 6c 6f 73 65 onnection: close
0080 - 0d 0a 43 6f 6e 74 65 6e-74 2d 54 79 70 65 3a 20 ..Content-Type:
0090 - 74 65 78 74 2f 68 74 6d-6c 3b 20 63 68 61 72 73 text/html; chars
00a0 - 65 74 3d 69 73 6f 2d 38-38 35 39 2d 31 0d 0a 0d et=iso-8859-1...
00b0 - 0a 3c 21 44 4f 43 54 59-50 45 20 48 54 4d 4c 20 .<!DOCTYPE HTML
00c0 - 50 55 42 4c 49 43 20 22-2d 2f 2f 49 45 54 46 2f PUBLIC "-//IETF/
00d0 - 2f 44 54 44 20 48 54 4d-4c 20 32 2e 30 2f 2f 45 /DTD HTML 2.0//E
00e0 - 4e 22 3e 0a 3c 68 74 6d-6c 3e 3c 68 65 61 64 3e N">.<html><head>
00f0 - 0a 3c 74 69 74 6c 65 3e-34 30 30 20 42 61 64 20 .<title>400 Bad
0100 - 52 65 71 75 65 73 74 3c-2f 74 69 74 6c 65 3e 0a Request</title>.
0110 - 3c 2f 68 65 61 64 3e 3c-62 6f 64 79 3e 0a 3c 68 </head><body>.<h
0120 - 31 3e 42 61 64 20 52 65-71 75 65 73 74 3c 2f 68 1>Bad Request</h
0130 - 31 3e 0a 3c 70 3e 59 6f-75 72 20 62 72 6f 77 73 1>.<p>Your brows
0140 - 65 72 20 73 65 6e 74 20-61 20 72 65 71 75 65 73 er sent a reques
0150 - 74 20 74 68 61 74 20 74-68 69 73 20 73 65 72 76 t that this serv
0160 - 65 72 20 63 6f 75 6c 64-20 6e 6f 74 20 75 6e 64 er could not und
0170 - 65 72 73 74 61 6e 64 2e-3c 62 72 20 2f 3e 0a 3c erstand.<br />.<
0180 - 2f 70 3e 0a 3c 68 72 3e-0a 3c 61 64 64 72 65 73 /p>.<hr>.<addres
0190 - 73 3e 41 70 61 63 68 65-2f 32 2e 34 2e 32 39 20 s>Apache/2.4.29
01a0 - 28 55 62 75 6e 74 75 29-20 53 65 72 76 65 72 20 (Ubuntu) Server
01b0 - 61 74 20 66 72 66 31 31-32 78 2e 73 61 63 64 2e at frf112x.sacd.
01c0 - 66 72 20 50 6f 72 74 20-38 30 3c 2f 61 64 64 72 fr Port 80</addr
01d0 - 65 73 73 3e 0a 3c 2f 62-6f 64 79 3e 3c 2f 68 74 ess>.</body></ht
01e0 - 6d 6c 3e 0a ml>.
read from 0x162d080 [0x1621eb0] (8192 bytes => 0 (0x0))

We have some servers on Ubuntu 18.04 with Apache/2.4.29 (Ubuntu) and OpenSSL
1.1.1d 10 Sep 2019, if run this command to this server, we have no problem like
the following traces show :

openssl s_client -debug -connect serverdevxn01.org.fr:443
CONNECTED(00000003)
write to 0x249a080 [0x24aac50] (321 bytes => 321 (0x141))
0000 - 16 03 01 01 3c 01 00 01-38 03 03 10 15 df de 0f ....<...8.......
0010 - b7 ab fb e1 59 84 0f 23-c7 34 68 9c a6 e7 ca 30 ....Y..#.4h....0
0020 - b8 fd 9d 73 0b d1 8a ef-2c 08 5d 20 24 9a 04 f5 ...s....,.] $...
0030 - af 81 39 83 da 65 42 5c-fc aa 43 66 e1 ea 9d ff ..9..eB\..Cf....
0040 - 2e f1 e6 3b aa ae 7f 6a-a9 38 ac 5b 00 3e 13 02 ...;...j.8.[.>...
...
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3420 bytes and written 414 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: CDC48AA7AE09FE5110B3EDAB5A60B7AA7E86D99A90D7F3E65733FBBCEE563E06
Session-ID-ctx:
Master-Key:
670073A4994F61BC9CD86D8FA524C85F2F5A18FD59E6DF72DB9E35BE4C17FC2FD91CF2819DB87E4723E8B0A2491B2C4D
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 18 ad 51 5d 06 04 48 ca-be b7 00 ce 1b d9 8f 14 ..Q]..H.........
0010 - e8 a5 b4 47 76 49 5e 96-1e 9b c1 d5 78 8f b5 c5 ...GvI^.....x...
0020 - 12 ce 20 88 a5 d3 0f df-2a 34 68 86 fd 77 61 46 .. .....*4h..waF
0030 - 53 29 17 bd 82 23 8d 44-7c fb ed 10 8f 1f b3 06 S)...#.D|.......
0040 - 5c a5 ef 12 7a 8b 92 90-0b a7 28 b3 69 1d 48 7b \...z.....(.i.H{
0050 - 6a 7a 3b ea 65 7b 07 fd-c5 b0 7b 85 50 e1 81 0d jz;.e{....{.P...
0060 - ba d2 b1 e0 0d b2 50 f2-4e c5 a8 a6 e4 e4 ff ff ......P.N.......
0070 - dc e4 67 a0 5f 91 d4 2a-4f 20 8b 06 6b ac 4f 16 ..g._..*O ..k.O.
0080 - 1c d0 a3 3d 5c 89 2b 7a-af 99 b9 68 21 2a 7d f8 ...=\.+z...h!*}.
0090 - d0 22 42 e9 35 5a a9 f2-a0 7f b7 f4 21 73 89 7b ."B.5Z......!s.{
00a0 - e8 73 02 a1 b9 7c 0a 61-0b f7 82 41 38 67 1a 25 .s...|.a...A8g.%
00b0 - d8 2b a7 64 b0 21 c4 89-2d d3 19 65 6d 07 07 e7 .+.d.!..-..em...
00c0 - 0c 5e ee 64 26 d8 fe 8e-d5 7c 4d 32 f8 c9 2e e2 .^.d&....|M2....
00d0 - 66 df a3 7d 00 1c 2e 31-7c 6d b3 84 b8 6e 4a 16 f..}...1|m...nJ.

Start Time: 1579878893
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
DONE
write to 0x249a080 [0x24a5a93] (31 bytes => 31 (0x1F))
0000 - 15 03 03 00 1a 46 df c9-e4 c0 ad 3c 94 0a b7 e8 .....F.....<....
0010 - 8d e2 e3 d8 83 39 e5 a6-9a d2 cd 3b 97 0b dd .....9.....;...
read from 0x249a080 [0x248eeb0] (8192 bytes => 31 (0x1F))
0000 - 15 03 03 00 1a f7 bb ce-f9 92 b2 eb 5a b7 26 7a ............Z.&z
0010 - 94 24 fb 47 73 f3 72 5d-12 a3 ee 4f 61 1d d5 .$.Gs.r]...Oa..
read from 0x249a080 [0x248eeb0] (8192 bytes => 0 (0x0))

SOFTWARE/OS VERSIONS
KDE Neon 5.17
Ubunut 18.04
Apache : Apache/2.4.29 (Ubuntu)
OpenSSL : 1.1.1d 10 Sep 2019 

ADDITIONAL INFORMATION

same Apache configuration and certificates

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to