[users@httpd] Why httpd-2.4.46 server not working with TLSv1.2?

2021-10-12 Thread Shariful Alam
Hello,
I have installed *apache 2.4.46* from the source code. I have also
installed *Openssl 1.1.1c* from the source code in "*/opt/openssl*"

I use the following configuration while installing apache,

CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' \
LDFLAGS=-Wl,-rpath=/opt/openssl/lib ./configure --prefix=/etc/apache2 \
  --enable-ssl --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre \
  --enable-so
==

My *httpd-ssl.conf* with the following configuration works fine with
TLSv1.3,
==
SSLCipherSuite AES128-SHA256
SSLHonorCipherOrder on
SSLProtocol all -SSLv3


However, if I try to use TLSv1.2, I get the following error,
==
xxx@xxx:~$ curl -k https://10.29.2.98 -verbose --tlsv1.2 --tls-max 1.2
*   Trying 10.29.2.98:443...
* Connected to 10.29.2.98 (10.29.2.98) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, bad record mac (532):
* error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
* Closing connection 0
curl: (35) error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
=

I also changed *httpd-ssl.conf* like the following,
=
SSLCipherSuite AES128-SHA256
SSLHonorCipherOrder on
#SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2
=

but I still get the same error,
===
$curl -k https://10.29.2.98 -verbose
*   Trying 10.29.2.98:443...
* Connected to 10.29.2.98 (10.29.2.98) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, bad record mac (532):
* error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
* Closing connection 0
curl: (35) error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
==

Any help? Where did I make a mistake?

Thanks,
Shariful Alam
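
An added example, not part of the original message or of httpd: a Python script that reads a `curl -v` trace like the one above, decodes the alert number curl prints and the OpenSSL 1.1.1 error code, and reports which handshake message preceded the alert. The name `analyze` and the result keys are assumptions of this example.

```python
import re

# Alert descriptions from RFC 5246 section 7.2 (subset).
ALERT_DESC = {10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
              47: "illegal_parameter", 51: "decrypt_error", 70: "protocol_version"}
ALERT_LEVEL = {1: "warning", 2: "fatal"}
# Matches curl trace lines such as "* TLSv1.2 (IN), TLS alert, bad record mac (532):"
MSG = re.compile(r"\* (TLSv[\d.]+) \((IN|OUT)\), TLS (handshake|change cipher|alert), (.+) \((\d+)\):")
# Matches OpenSSL 1.1.1 packed error codes such as "error:140943FC:"
ERR = re.compile(r"error:([0-9A-Fa-f]{8}):")

def analyze(trace):
    """Summarise where a curl -v TLS trace failed."""
    result = {"alert": None, "last_before_alert": None, "peer_alert": None}
    previous = None
    for line in trace.splitlines():
        m = MSG.search(line)
        if m:
            version, direction, kind, name, code = m.groups()
            if kind == "alert" and result["alert"] is None:
                # curl prints (level << 8) + description for alert records.
                level, desc = divmod(int(code), 256)
                result["alert"] = {"version": version, "direction": direction,
                                   "level": ALERT_LEVEL.get(level, level),
                                   "description": ALERT_DESC.get(desc, desc)}
                result["last_before_alert"] = previous
            previous = (direction, name)
        e = ERR.search(line)
        if e and result["peer_alert"] is None:
            # OpenSSL 1.1.1 layout: 8-bit library, 12-bit function, 12-bit reason.
            reason = int(e.group(1), 16) & 0xFFF
            # Reasons of 1000 + N mean alert N was received from the peer.
            result["peer_alert"] = reason - 1000 if reason >= 1000 else None
    return result

# Excerpt of the trace from the message above.
SAMPLE = """\
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, bad record mac (532):
* error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
"""

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On this trace it reports a fatal bad_record_mac alert received from the server directly after the client's Finished, which in TLS 1.2 is the first record the client sends under the negotiated cipher.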


RE: [users@httpd] Local css/js files take 5 seconds to load

2021-10-12 Thread Marc
> Httpd with default settings. Opening a local html document with cleared
> cache in any browser takes very long to load. The Chrome network tab
> shows that the "Content Download" from included local css/js files take
> 5 seconds to load. No matter how many or which files. Issue appeared
> after updating to v2.4.48.

I would guess that is either your network connection or your filesystem, but 
even static files would be loaded into ram cache. What if you do a curl -v from 
localhost?




-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org


[users@httpd] Local css/js files take 5 seconds to load

2021-10-12 Thread Mix XP
Httpd with default settings. Opening a local html document with cleared cache in any browser takes very long to load. The Chrome network tab shows that the "Content Download" from included local css/js files take 5 seconds to load. No matter how many or which files. Issue appeared after updating to v2.4.48.
