httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carmel <carmel...@hotmail.com>
Subject Re: [users@httpd] Problems with TLS connections
Date Tue, 24 Apr 2012 19:19:52 GMT
On Tue, 24 Apr 2012 19:46:40 +0100
plot.lost articulated:

>Having problems making TLS connections to an instance of apache.
>
>The server version is:
>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t
>
>The ssl config includes:
>
>    SSLProtocol TLSv1 SSLv3
>    SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL
>    SSLHonorCipherOrder on
>    # See
>    http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/
>    SSLVerifyClient none
>    #SSLInsecureRenegotiation on
>
>
>If I try and connect using Firefox with only TLS enabled, the
>connection fails (get the message 'The connection to the server was
>reset while the page was loading'). With SSLv3 enabled in Firefox, the
>connection works fine.
>
>Trying using openssl command line:
>
>openssl s_client -connect 127.0.0.1:443 -tls1
>
>gets
>
>CONNECTED(00000003)
>15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
>number:s3_pkt.c:284:
>
>When trying with
>
>openssl s_client -connect 127.0.0.1:443 -sslv3
>
>the connection works
>
>New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
>Server public key is 4096 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>SSL-Session:
>     Protocol  : SSLv3
>     Cipher    : DHE-RSA-AES256-SHA
>     Session-ID: 
>F86A80F46AF9AD0626B1051223C184553FC25B92AF1763E6728CAEF984C4CB58
>     Session-ID-ctx:
>     Master-Key: 
>E0BE122F6671905DB5BBC40F874157F1A4625FC32A19AE1D67EC2255DC05DC7723A69A26A942E874C8CC219A28BB4936
>     Key-Arg   : None
>     Start Time: 1335292940
>     Timeout   : 7200 (sec)
>
>
>Any clues as to why the TLS connection is not working - is there some 
>config value I am missing or have wrong?

What version of SSL are you using? There was a problem with the update
of "openssl-1.0.1a" that caused problems with Postfix with certain
domains.

Try this for starters:

openssl s_client -connect 127.0.0.1:443 -tls1_2
openssl s_client -connect 127.0.0.1:443 -tls1_1
openssl s_client -connect 127.0.0.1:443 -tls1
openssl s_client -connect 127.0.0.1:443 -ssl3

Post the connect or fail results back here.

-- 
Carmel ✌
carmel_ny@hotmail.com

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
__________________________________________________________________


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message