Return-Path: <bugs-return-48042-archive-asf-public=cust-asf.ponee.io@httpd.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 2B9B82009F5
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Sun,  8 May 2016 12:54:16 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 2A2BC160A06; Sun,  8 May 2016 10:54:16 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 737E31609A8
	for <archive-asf-public@cust-asf.ponee.io>; Sun,  8 May 2016 12:54:15 +0200 (CEST)
Received: (qmail 11161 invoked by uid 500); 8 May 2016 10:54:14 -0000
Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:bugs@httpd.apache.org>
List-Help: <mailto:bugs-help@httpd.apache.org>
List-Unsubscribe: <mailto:bugs-unsubscribe@httpd.apache.org>
Reply-To: "Apache HTTPD Bugs Notification List" <bugs@httpd.apache.org>
List-Id: <bugs.httpd.apache.org>
Delivered-To: mailing list bugs@httpd.apache.org
Received: (qmail 11152 invoked by uid 99); 8 May 2016 10:54:14 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 May 2016 10:54:14 +0000
Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org [23.253.172.122])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPS id 5C9CD1A00EB
	for <bugs@httpd.apache.org>; Sun,  8 May 2016 10:54:14 +0000 (UTC)
Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at asf-bz1-us-mid.priv.apache.org, from userid 33)
	id 4538D604AB; Sun,  8 May 2016 10:54:13 +0000 (UTC)
From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: [Bug 59438] ServerInfo Extension 18 Missing for dual EC-RSA
 certificate configurations
Date: Sun, 08 May 2016 10:54:12 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Apache httpd-2
X-Bugzilla-Component: mod_ssl
X-Bugzilla-Version: 2.4.20
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: major
X-Bugzilla-Who: jasonmili@hotmail.com
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: bugs@httpd.apache.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-59438-7868-r3wIsnLoQz@https.bz.apache.org/bugzilla/>
In-Reply-To: <bug-59438-7868@https.bz.apache.org/bugzilla/>
References: <bug-59438-7868@https.bz.apache.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bz.apache.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
archived-at: Sun, 08 May 2016 10:54:16 -0000

https://bz.apache.org/bugzilla/show_bug.cgi?id=59438

--- Comment #2 from Jason Milionis <jasonmili@hotmail.com> ---
Detailed OpenSSL session when this fails:

Command: "openssl s_client -CApath /etc/ssl/certs -cipher DHE-RSA-AES256-SHA
-serverinfo 18 -connect winpack.eu.org:443"

Output:

CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = winpack.cf
verify return:1
---
Certificate chain
 0 s:/CN=winpack.cf
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGmzCCBYOgAwIBAgISA3XRpPHxuH1gqdOpHtPHPmzMMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjAzMjUxOTU3MDBaFw0x
NjA2MjMxOTU3MDBaMBUxEzARBgNVBAMTCndpbnBhY2suY2YwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQCn/fciS4Z+YPTHtkNrWjTj1Bv222hBw6zBtbGz
t20cC64rACNfUjYCNDfgmhIo/lbhi23Kow7Maah74riLY0Dlr2iFELAUD2w+V2z6
acusjpVYKidubwrFT8Re5L6MzSq0BXEzcxIx4FWVBlfaYguGpMZqjOLhbxQgHFHZ
sVp2/dtxLrB5C2iUlU5v4mcoMR4hCc9/WHgqi5tqSUT8G/XNzwXe8kj3iJ5WL6bL
xy0MYfi7Lq5KIHsfu7RZiJuPoqia6H3PhKLqDylcch/+40IPk8wCEZvDACDh2tX0
XGYmGKjVzli/P62H0hepn9cKiMoxck6Uk+YZiZWEKllldzbuNpTaZyEF939NJ6Ga
/rHnVqIHetUKJhuRu5Ph+OMOPGUyzPt57G4TNTKGrpwvdTUvmliZmfCXZEi3XnJm
o+ULsxM6ByF+mMMOGiVJ7K0sv1KW9k8clK1zqCc6ZKz8wivPL9/YLYVCplS7vzCK
HFqGF6t6YbM7VoCvkKCeK5gro2V8M4ggGo5YxQogg2SHVqg8ZEHFt4nIYJdBf9Hu
GTNP/yiOkysSys+g3bKQ+2kkZatYtcw61G75adml4DyPt5t83T2mlcCXgxwRdz19
D25vLlTiH1jCdM7x9b/j+WGMbWDfDTCfSNlNW5Myv8gI7uI54Kr/yJ3YMvu8gl07
pmNJRQIDAQABo4ICrjCCAqowDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTQ50MGPlk7
Mq2jmYluZCmYgee7ijAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBw
BggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmludC14My5s
ZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMu
bGV0c2VuY3J5cHQub3JnLzCBtwYDVR0RBIGvMIGsgg9tYWlsLndpbnBhY2suY2aC
E21haWwud2lucGFjay5ldS5vcmeCDW14LndpbnBhY2suY2aCEW14LndpbnBhY2su
ZXUub3Jngg5teDIud2lucGFjay5jZoISbXgyLndpbnBhY2suZXUub3Jnggp3aW5w
YWNrLmNmgg53aW5wYWNrLmV1Lm9yZ4IOd3d3LndpbnBhY2suY2aCEnd3dy53aW5w
YWNrLmV1Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMB
AQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGr
BggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVs
aWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFu
Y2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8v
bGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAa
WVAFmNQaKw9ZDTuz0tW9ZadB0cO6ufLtC7J6THERQhtGcisgtRQdRgrlNOTdvkyL
Gi5zoqoSiz0AyMWsyB5f7ZoFDiB3ZGJ/Z1nGELmRpVVbUVsZqOEIrf1hb9tgV0IE
o+uCBMZJBRlLzeKvWLkoruOScEY+3W8SQHUKc1FHsOxAEhjuM2xx6XrbfT6BlvaO
FtZzhgbTvVRZ4g2eC/W2bEhy7erHpFTbFukRwjfKiE5BF+gwpyy8S/2mS3pR8klG
ZoDUcnMJLOqsc97L2mhnjKyW360cIsu4n/Rpd3CCw3lTLLZ9XVae8PjjSzDo2Nc/
bIl/ANOzNDUJr+JRGUiw
-----END CERTIFICATE-----
subject=/CN=winpack.cf
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 4096 bits
---
SSL handshake has read 4797 bytes and written 701 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID:
B1796305C99DC2086C9AEBAD8CD1C8F7A0F1E5DC06D940E8B40E4C349D2E268C
    Session-ID-ctx: 
    Master-Key:
5A06BEEB42CA60AEA80CABFEBED2E1D3301E6979C5851CF3BFC0DA654E2EDEEA023918E8E254F0E8B119F7101CDF31F0
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:

            (info truncated by me)

    Start Time: 1462704766
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

(note that there is no serverinfo tls extension here)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org