Hello Apache folks :
So the process of testing TLS 1.3 shouldn't be black magic but here
I am wondering what is wrong. I have a beta site up running Apache trunk
build and OpenSSL 1.1.1-pre7 ( the latest atm ) and everything seems to
be just fine. I have Mozilla beta browser with security.tls.* settings
ready to handle TLS 1.3 and I can reach, render and see the test site at
https://tls13.crypto.mozilla.org/ just fine. It claims TLS 1.3 (draft
28) using NSS whereas my site https://beta.tls13.net can not be "seen"
via the same browser. The openssl s_client has no issues contacting both
sites and in both cases I do see TLS 1.3 protocol as supported however
cipher suite ( see https://wiki.mozilla.org/Security/Server_Side_TLS )
may be the issue. Not sure.
Here is what I see when using "s_client" to access the mozilla site :
$ openssl s_client -connect tls13.crypto.mozilla.org:443 -tls1_3
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = tls13.crypto.mozilla.org
verify return:1
---
Certificate chain
0 s:CN = tls13.crypto.mozilla.org
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISBPOVEnB/CqyqLondZWg55Uz8MA0GCSqGSIb3DQEBCwUA
.
.<snip>
.
Ad+yYggR2Q==
-----END CERTIFICATE-----
subject=CN = tls13.crypto.mozilla.org
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2974 bytes and written 316 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_128_GCM_SHA256
Session-ID:
Session-ID-ctx:
Master-Key:
7A97B0747961C13DDF4A533C8174262F9500157007EED04A98B5BCAA314D56A5
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1529024212
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
read R BLOCK
GET
HTTP/1.1 400 Bad Request
Date: Fri, 15 Jun 2018 00:57:36 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
closed
tls13 $
All looks fine. The nice 400 error message is very okay.
The exact same thing to my test trunk Apache server claims odd
results :
$ openssl s_client -connect beta.tls13.net:443 -tls1_3
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = *.tls13.net
verify return:1
---
Certificate chain
0 s:CN = *.tls13.net
i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISA3lbcjYuS0tUnszwWevJIyQaMA0GCSqGSIb3DQEBCwUA
.
.<snip>
.
PrK8bh7S
-----END CERTIFICATE-----
subject=CN = *.tls13.net
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3281 bytes and written 322 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID:
Session-ID-ctx:
Master-Key:
42F400653B4C20603D96D1180E345439B941F696160A0B7BD7FF23077A111A1A899A6A43BCEE6172D00641597111FF39
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1529024399
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
read:errno=0
$
Well other than cipher what is the difference here ? Nothing obvious.
The ssl error_log ( set at level debug ) isn't helping here :
[Fri Jun 15 00:59:59.753533 2018] [ssl:info] [pid 2250:tid 27] [client
68.179.116.201:34466] AH01964: Connection to child 152 established
(server beta.tls13.net:443)
[Fri Jun 15 00:59:59.755714 2018] [ssl:debug] [pid 2250:tid 27]
ssl_engine_kernel.c(2297): [client 68.179.116.201:34466] AH02043: SSL
virtual host for servername beta.tls13.net found
[Fri Jun 15 00:59:59.788701 2018] [ssl:debug] [pid 2250:tid 27]
ssl_engine_kernel.c(2222): [client 68.179.116.201:34466] AH02041:
Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
[Fri Jun 15 00:59:59.788742 2018] [ssl:error] [pid 2250:tid 27] [client
68.179.116.201:34466] AH02042: rejecting client initiated renegotiation
[Fri Jun 15 00:59:59.789151 2018] [ssl:debug] [pid 2250:tid 27]
ssl_engine_io.c(1400): (130)Software caused connection abort: [client
68.179.116.201:34466] AH02007: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!]
[Fri Jun 15 00:59:59.789341 2018] [ssl:info] [pid 2250:tid 27] [client
68.179.116.201:34466] AH01998: Connection closed to child 152 with
abortive shutdown (server beta.tls13.net:443)
beta #
Weird.
Any thoughts would be greatly appreciated.
Dennis
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org