Hi All, We recently migrated a few web servers from SLES12 SP3 into SLES15 SP4. I now have see an intermitted error in FireFox.
We have a Xymon webserver running Apache. When I connect to the website all is fine, and every minute the page is refreshed. But very so often (as fast as within a few minutes up to a few hours) I get an "SSL_ERROR_ILLEGAL_PARAMETER_ALERT" error in FireFox. I also see this sometimes at the moment I connect (to another server) for the first time, but when I refresh the page the connection is correct. I only see this in FireFox, Edge doesn't have this problem. I guess Chrome is also fine as it should use the same engine as Edge. In the old server we ran TLSv1.2 but the new version supports TLSv1.3, and that's obviously the preferred version. Based on the FireFox error, I have seen a few discussions for an older version of FireFox/TLS, back when TLSv1.2 was introduced. The solution would be to force FireFox to only allow TLSv1.1 or lower. But when I force FireFox to only accept TLSv1.2 I get the same error. The only 'solution' I have is to remove TLSv1.3 from the Apache configuration. Indeed then, using TLSv1.2, it works fine but we obviously would want to run with TLSv1.3. The apache log shows an error at the time of the failure. But I haven't found any solution when searching for the two error messages. Apparently there might be multiple causes that produce these errors. [ssl:info] [pid 59440] [client xxx.xxx.xxx.xxx] AH01964: Connection to child 2 established (server <hostname>:443) [ssl:info] [pid 59440] [client xxx.xxx.xxx.xxx] AH02008: SSL library error 1 in handshake (server <hostname>:443) [ssl:info] [pid 59440] SSL Library Error: error:141FA0FD:SSL routines:tls_psk_do_binder:binder does not verify [ssl:info] [pid 59440] [client xxx.xxx.xxx.xxx] AH01998: Connection closed to child 2 with abortive shutdown (server <hostname>:443) Do you have any idea how I can solve this? Are there any configuration options in Apache that might have a solution for this behaviour? Met vriendelijke groet/With kind regards/Mit freundlichen Grüßen, Berry van Sleeuwen Flight Forum 3000 5657 EW Eindhoven * +31 (0)6 22564276 [cid:[email protected]] [cid:[email protected]] ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
