httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carmel <>
Subject Re: [users@httpd] Problems with TLS connections
Date Tue, 24 Apr 2012 19:19:52 GMT
On Tue, 24 Apr 2012 19:46:40 +0100
plot.lost articulated:

>Having problems making TLS connections to an instance of apache.
>The server version is:
>Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t
>The ssl config includes:
>    SSLProtocol TLSv1 SSLv3
>    SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5:!EXP:!LOW:!NULL
>    SSLHonorCipherOrder on
>    # See
>    SSLVerifyClient none
>    #SSLInsecureRenegotiation on
>If I try and connect using Firefox with only TLS enabled, the
>connection fails (get the message 'The connection to the server was
>reset while the page was loading'). With SSLv3 enabled in Firefox, the
>connection works fine.
>Trying using openssl command line:
>openssl s_client -connect -tls1
>15265:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version 
>When trying with
>openssl s_client -connect -sslv3
>the connection works
>New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
>Server public key is 4096 bit
>Secure Renegotiation IS supported
>Compression: NONE
>Expansion: NONE
>     Protocol  : SSLv3
>     Cipher    : DHE-RSA-AES256-SHA
>     Session-ID: 
>     Session-ID-ctx:
>     Master-Key: 
>     Key-Arg   : None
>     Start Time: 1335292940
>     Timeout   : 7200 (sec)
>Any clues as to why the TLS connection is not working - is there some 
>config value I am missing or have wrong?

What version of SSL are you using? There was a problem with the update
of "openssl-1.0.1a" that caused problems with Postfix with certain

Try this for starters:

openssl s_client -connect -tls1_2
openssl s_client -connect -tls1_1
openssl s_client -connect -tls1
openssl s_client -connect -ssl3

Post the connect or fail results back here.

Carmel ✌

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message