On 24/04/2012 20:19, Carmel wrote:
On Tue, 24 Apr 2012 19:46:40 +0100 plot.lost articulated:
Having problems making TLS connections to an instance of apache.
The server version is:
Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t
The ssl config includes:
SSLProtocol TLSv1 SSLv3
SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL
SSLHonorCipherOrder on
# See http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/
SSLVerifyClient none
#SSLInsecureRenegotiation on
If I try and connect using Firefox with only TLS enabled, the
connection fails (get the message 'The connection to the server was
reset while the page was loading'). With SSLv3 enabled in Firefox, the
connection works fine.
Trying using openssl command line:
openssl s_client -connect 127.0.0.1:443 -tls1
gets
CONNECTED(00000003)
15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
When trying with
openssl s_client -connect 127.0.0.1:443 -sslv3
the connection works
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID:
F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58
Session-ID-ctx:
Master-Key:
E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936
Key-Arg : None
Start Time: 1335292940
Timeout : 7200 (sec)
Any clues as to why the TLS connection is not working - is there some
config value I am missing or have wrong?
What version of SSL are you using? There was a problem with the update
of "openssl-1.0.1a" that caused problems with Postfix with certain
domains.
Try this for starters:
openssl s_client -connect 127.0.0.1:443 -tls1_2
openssl s_client -connect 127.0.0.1:443 -tls1_1
openssl s_client -connect 127.0.0.1:443 -tls1
openssl s_client -connect 127.0.0.1:443 -ssl3
Post the connect or fail results back here.
Command line openssl version is:
OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009)
-tls1_1 and -tls1_2 are not recognised options
-tls1 fails
-ssl3 connects fine.
The apache httpd has been compiled against the same openssl (and is
running on the same box, ubuntu 10.04 LTS)
Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t
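
Added example, not part of the thread: a shell script that repeats the per-version s_client probes requested above and reduces each transcript to one result line. The function names, the `--run` switch and the 127.0.0.1:443 default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): probe which protocol versions a
# server accepts, one openssl s_client run per version flag.
# Function names, --run and the default host/port are assumptions.

# Classify one s_client transcript (stdout+stderr) read from stdin.
# An error line wins over a Protocol line, because some openssl builds
# print an SSL-Session block even when the handshake failed.
classify_s_client() {
    awk '
        # The local client does not know the flag (e.g. -tls1_1 on 0.9.8).
        tolower($0) ~ /unknown option/    { r = "unsupported-by-client" }
        # pid:error:code:library:function:reason:file:line: -> keep reason.
        /:error:[0-9A-Fa-f]+:/ && r == "" { split($0, f, ":"); r = "fail:" f[6] }
        # Negotiated protocol from the SSL-Session block.
        /^ *Protocol *:/ && p == ""       { sub(/^[^:]*: */, ""); p = $0 }
        END {
            if (r != "")      print r
            else if (p != "") print "ok:" p
            else              print "fail:no-handshake"
        }'
}

# Run one probe; </dev/null makes s_client exit once the handshake is done.
probe() {  # usage: probe HOST PORT FLAG
    openssl s_client -connect "$1:$2" "$3" </dev/null 2>&1 | classify_s_client
}

# Try every version flag listed in the thread, one result line per flag.
probe_all() {  # usage: probe_all [HOST] [PORT]
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$flag" \
            "$(probe "${1:-127.0.0.1}" "${2:-443}" "$flag")"
    done
}

# Only touch the network when asked to: sh probe.sh --run [HOST] [PORT]
if [ "${1:-}" = "--run" ]; then
    probe_all "${2:-}" "${3:-}"
fi
```

A flag reported as unsupported-by-client says nothing about the server; it only means the local openssl binary cannot offer that version.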