httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel <dferra...@gmail.com>
Subject Re: [users@httpd] SSL handshake failure after httpd upgrade to 2.4.12
Date Thu, 30 Jul 2015 14:46:15 GMT
You should share your SSLCiphersuite and SSLProtocol values first, besides
that version of openssl is quite lacking regarding the availability of
ciphers and protocols.

2015-07-30 5:37 GMT+02:00 Sunil R <dexterseven@gmail.com>:

> I’m trying to upgrade the Apache version from httpd 2.2.25 to 2.4.12. Im
> building apache with the same openssl version 0.9.8.After the upgrade I see
> that the openssl s_client query to the server fails with error:
>
> [Mon Jul 27 02:57:47.982584 2015] [ssl:info] [pid 22460:tid 1943075728]
> SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
> version number
>
>
>
> The openssl client version is Openssl 0.9.8g ( OpenSSL/FIPS). In the httpd
> config file I have disabled SSLv2 and SSLv3.
>
> When I enable debug options on the s_client this is the output:
>
>
>
> Linux# /isan/bin/openssl s_client -connect localhost:443 -debug -state -msg
>
> CONNECTED(00000003)
>
> SSL_connect:before/connect initialization
>
> write to 0x9d606b0 [0x9d61678] (124 bytes => 124 (0x7C))
>
> 0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00   .z....Q... ..9..
>
> 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
>
> 0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../.......
>
> 0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00   ................
>
> 0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........
>
> 0050 - 00 00 06 04 00 80 00 00-03 02 00 80 68 fd d4 c6   ............h...
>
> 0060 - 77 4c 5e ef 2f 41 d4 18-e6 f8 6d d3 9e 8c b2 2d   wL^./A....m....-
>
> 0070 - b4 81 83 fd c7 63 f6 8b-fe 26 e9 97               .....c...&..
>
> >>> SSL 2.0 [length 007a], CLIENT-HELLO
>
>     01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00
>
>     00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
>
>     33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
>
>     00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00
>
>     00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00
>
>     06 04 00 80 00 00 03 02 00 80 68 fd d4 c6 77 4c
>
>     5e ef 2f 41 d4 18 e6 f8 6d d3 9e 8c b2 2d b4 81
>
>     83 fd c7 63 f6 8b fe 26 e9 97
>
> SSL_connect:SSLv2/v3 write client hello A
>
> read from 0x9d606b0 [0x9d66bd8] (7 bytes => 0 (0x0))
>
> 7175:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:188:
>
> Linux#
>
>
>
> The SSL handshake goes through fine in these cases:
>
> 1.When I enable SSLv3, the query goes through fine.
>
> 2. When I force the TLSv1 in the s_client query.
>
> 3. With the older httpd version 2.2.25
> Is this intentional, to honor the disable SSLv3 configured?
>
> Please help me let know what could be the issue? Let me know if any other
> details are needed.
>
> Thx,
> DS
>



-- 
*Daniel Ferradal*
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Mime
View raw message