httpd-users mailing list archives

From "plot.lost" <plot.l...@gmail.com>
Subject Re: [users@httpd] Problems with TLS connections
Date Tue, 24 Apr 2012 21:18:59 GMT
On 24/04/2012 21:56, Carmel wrote:
> On Tue, 24 Apr 2012 20:40:30 +0100
> plot.lost articulated:
>
>> On 24/04/2012 20:19, Carmel wrote:
>>> On Tue, 24 Apr 2012 19:46:40 +0100
>>> plot.lost articulated:
>>>
>>>> Having problems making TLS connections to an instance of apache.
>>>>
>>>> [snipped]
>>>> Any clues as to why the TLS connection is not working - is there
>>>> some config value I am missing or have wrong?
>>> What version of SSL are you using? There was a problem with the
>>> update of "openssl-1.0.1a" that caused problems with Postfix with
>>> certain domains.
>>>
>>> Try this for starters:
>>>
>>> openssl s_client -connect 127.0.0.1:443 -tls1_2
>>> openssl s_client -connect 127.0.0.1:443 -tls1_1
>>> openssl s_client -connect 127.0.0.1:443 -tls1
>>> openssl s_client -connect 127.0.0.1:443 -ssl3
>>>
>>> Post the connect or fail results back here.
>>>
>> Command line openssl version is:
>>
>> OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009)
>>
>> -tls1_1 and -tls1_2 are not recognised options
>> -tls1 fails
>> -ssl3 connects fine.
>>
>> The apache httpd has been compiled against the same openssl (and is
>> running on the same box, ubuntu 10.04 LTS)
>>
>> Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t
> I have Firefox 11.0 and Apache-2.2.22 and OpenSSL 1.0.1a installed so
> all of those protocols work correctly. You might want to consider
> updating your "openssl" to the latest version. Unfortunately, you will
> have to recompile everything linked against it. That can be trivial or
> major depending on your system.
>
I've found the problem, a simple configuration error...

I had

     SSLProtocol TLSv1 SSLv3

as my config, ssl3 worked fine but tls1 failed.

Changing this to

     SSLProtocol SSLv3 TLSv1

caused tls1 to work, but now ssl3 failed.

Problem was not using '+' in front of the protocols when trying to add
one in, so it resulted in only the last protocol listed actually working.

Changed the config to

     SSLProtocol TLSv1 +SSLv3

and now both work fine

Thanks for the help - and sorry for wasting time on what turned out to 
be a simple config error!
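
The override behaviour described in this message, modelled as an added example (not part of the original post and not mod_ssl's own code). It assumes a bare protocol name replaces the set built so far, while `+` adds and `-` removes; the function names and the sample config are constructed for illustration.

```python
import re

# Protocol names from the thread, modelled as bit flags.
PROTOCOLS = {"SSLv3": 1, "TLSv1": 2}
BY_LOWER = {name.lower(): bit for name, bit in PROTOCOLS.items()}
BY_LOWER["all"] = sum(PROTOCOLS.values())

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right.

    Assumed model: '+X' adds X, '-X' removes X, and a bare X replaces
    everything enabled before it. Returns (enabled names, bare tokens
    that discarded an earlier setting).
    """
    enabled, overriding = 0, []
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        bit = BY_LOWER.get(name.lower())
        if bit is None:
            raise ValueError(f"unknown protocol: {tok!r}")
        if sign == "+":
            enabled |= bit
        elif sign == "-":
            enabled &= ~bit
        else:
            if enabled:                # an earlier token is being thrown away
                overriding.append(tok)
            enabled = bit
    names = sorted(n for n, b in PROTOCOLS.items() if enabled & b)
    return names, overriding

def lint_config(text):
    """Return (line number, enabled protocols, overriding tokens) for each
    SSLProtocol line where a bare token silently replaced earlier ones."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:
            names, overriding = effective_protocols(m.group(1))
            if overriding:
                findings.append((lineno, names, overriding))
    return findings

# Constructed sample: the three settings tried in the message.
SAMPLE = "SSLProtocol TLSv1 SSLv3\nSSLProtocol SSLv3 TLSv1\nSSLProtocol TLSv1 +SSLv3\n"

if __name__ == "__main__":
    for lineno, names, overriding in lint_config(SAMPLE):
        print(f"line {lineno}: only {names} enabled; missing +/- on {overriding}")
```
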


