httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Comparing LibreSSL and OpenSSL based on ApacheTest t/ssl results
Date Fri, 17 Jul 2015 14:18:43 GMT
On Fri, Jul 17, 2015 at 1:51 PM, Michael Felt <mamfelt@gmail.com> wrote:
> On 2015-07-17 1:20 PM, Michael Felt wrote:
>>
>> On 2015-07-17 12:39 PM, Yann Ylavic wrote:
>>>
>>> tcpdump -i lo -w dump.pcap -s0 tcp port 8532
>>
>>
> Run at a different time, but with trace5 enabled.

Thanks, I finally managed to build libressl on my system and
httpd-2.4.x linked to it.
However since this isn't the system's native libssl, the perl
framework (libwww-perl/5.836 here) does not use it (but Debian's
libssl-0.9.8o-4squeeze20), so I had to use libressl's "openssl
s_client" to reproduce the case.

So:
$ /path/to/httpd/2.4.x/bin/httpd -f /path/to/httpd/framework/trunk/t/conf/httpd.conf -X
on the server side, and:
$ /path/to/libressl/2.2.1/bin/openssl s_client -connect localhost:8532 -state
on the client side, with this simple request:
GET /require-aes128-cgi HTTP/1.1
Host: localhost:8532

Attached are the logs from both httpd and s_client, where we can see
that httpd somehow expects a client certificate during the
renegotiation (without sending any certificate request...), while
s_client obviously does not send anything like that (but its key
exchange).

I can't explain that... I'd need to debug.
Does this ring someone's bell?
