httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 59438] ServerInfo Extension 18 Missing for dual EC-RSA certificate configurations
Date Sun, 08 May 2016 10:54:12 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=59438

--- Comment #2 from Jason Milionis <jasonmili@hotmail.com> ---
Detailed OpenSSL session when this fails:

Command: "openssl s_client -CApath /etc/ssl/certs -cipher DHE-RSA-AES256-SHA -serverinfo 18 -connect winpack.eu.org:443"

Output:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = winpack.cf
verify return:1
---
Certificate chain
 0 s:/CN=winpack.cf
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=winpack.cf
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 4096 bits
---
SSL handshake has read 4797 bytes and written 701 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: B1796305C99DC2086C9AEBAD8CD1C8F7A0F1E5DC06D940E8B40E4C349D2E268C
    Session-ID-ctx: 
    Master-Key: 5A06BEEB42CA60AEA80CABFEBED2E1D3301E6979C5851CF3BFC0DA654E2EDEEA023918E8E254F0E8B119F7101CDF31F0
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

            (info truncated by me)

    Start Time: 1462704766
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

(note that there is no serverinfo tls extension here)
