You should share your SSLCiphersuite and SSLProtocol values first, besides that version of openssl is quite lacking regarding the availability of ciphers and protocols.
2015-07-30 5:37 GMT+02:00 Sunil R <dexterse...@gmail.com>: > I’m trying to upgrade the Apache version from httpd 2.2.25 to 2.4.12. Im > building apache with the same openssl version 0.9.8.After the upgrade I see > that the openssl s_client query to the server fails with error: > > [Mon Jul 27 02:57:47.982584 2015] [ssl:info] [pid 22460:tid 1943075728] > SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong > version number > > > > The openssl client version is Openssl 0.9.8g ( OpenSSL/FIPS). In the httpd > config file I have disabled SSLv2 and SSLv3. > > When I enable debug options on the s_client this is the output: > > > > Linux# /isan/bin/openssl s_client -connect localhost:443 -debug -state -msg > > CONNECTED(00000003) > > SSL_connect:before/connect initialization > > write to 0x9d606b0 [0x9d61678] (124 bytes => 124 (0x7C)) > > 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00 .z....Q... ..9.. > > 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ > > 0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../....... > > 0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................ > > 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@......... > > 0050 - 00 00 06 04 00 80 00 00-03 02 00 80 68 fd d4 c6 ............h... > > 0060 - 77 4c 5e ef 2f 41 d4 18-e6 f8 6d d3 9e 8c b2 2d wL^./A....m....- > > 0070 - b4 81 83 fd c7 63 f6 8b-fe 26 e9 97 .....c...&.. > > >>> SSL 2.0 [length 007a], CLIENT-HELLO > > 01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00 > > 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 > > 33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80 > > 00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00 > > 00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00 > > 06 04 00 80 00 00 03 02 00 80 68 fd d4 c6 77 4c > > 5e ef 2f 41 d4 18 e6 f8 6d d3 9e 8c b2 2d b4 81 > > 83 fd c7 63 f6 8b fe 26 e9 97 > > SSL_connect:SSLv2/v3 write client hello A > > read from 0x9d606b0 [0x9d66bd8] (7 bytes => 0 (0x0)) > > 7175:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:188: > > Linux# > > > > The SSL handshake goes through fine in these cases: > > 1.When I enable SSLv3, the query goes through fine. > > 2. When I force the TLSv1 in the s_client query. > > 3. With the older httpd version 2.2.25 > Is this intentional, to honor the disable SSLv3 configured? > > Please help me let know what could be the issue? Let me know if any other > details are needed. > > Thx, > DS > -- *Daniel Ferradal* IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal
