Re: Problems with TLS connections

On 24/04/2012 21:56, Carmel wrote:
On Tue, 24 Apr 2012 20:40:30 +0100
plot.lost articulated:

On 24/04/2012 20:19, Carmel wrote:
On Tue, 24 Apr 2012 19:46:40 +0100
plot.lost articulated:

Having problems making TLS connections to an instance of apache.

[snipped]
Any clues as to why the TLS connection is not working - is there
some config value I am missing or have wrong?

What version of SSL are you using? There was a problem with the
update of "openssl-1.0.1a" that caused problems with Postfix with
certain domains.

Try this for starters:

    openssl s_client -connect 127.0.0.1:443 -tls1_2
    openssl s_client -connect 127.0.0.1:443 -tls1_1
    openssl s_client -connect 127.0.0.1:443 -tls1
    openssl s_client -connect 127.0.0.1:443 -ssl3

Post the connect or fail results back here.

Command line openssl version is:

OpenSSL 0.9.8t 18 Jan 2012 (Library: OpenSSL 0.9.8k 25 Mar 2009)

-tls1_1 and -tls1_2 are not recognised options
-tls1 fails
-ssl3 connects fine.

The apache httpd has been compiled against the same openssl (and is
running on the same box, ubuntu 10.04 LTS)

    Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8t

I have Firefox 11.0 and Apache-2.2.22 and OpenSSL 1.0.1a installed so
all of those protocols work correctly. You might want to consider
updating your "openssl" to the latest version. Unfortunately, you will
have to recompile everything linked against it. That can be trivial or
major depending on your system.

I've found the problem, a simple configuration error...

I had

    SSLProtocol TLSv1 SSLv3

as my config, ssl3 worked fine but tls1 failed.

Changing this to

    SSLProtocol SSLv3 TLSv1

caused tls1 to work, but now ssl3 failed.

Problem was not using '+' in front of the protocols when trying to add one in, so it resulted in only the last protocol listed actually working.

Changed the config to

    SSLProtocol TLSv1 +SSLv3

and now both work fine

Thanks for the help - and sorry for wasting time on what turned out to be a simple config error!
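
The behaviour reported in this message, as an added example that is not part of the original post or of Apache's code: a small checker that evaluates `SSLProtocol` arguments left to right, where a bare name replaces everything enabled so far and `+`/`-` add or remove. The names `effective_protocols`, `audit`, `DEFAULT_ALL` and the sample config are assumptions made for illustration; what `all` expands to depends on the build, so it is a parameter.

```python
import re

# Assumption: protocol names accepted by this sketch (the two from the thread).
DEFAULT_ALL = ("SSLv3", "TLSv1")

def effective_protocols(args, all_protocols=DEFAULT_ALL):
    """Return (enabled_set, warnings) for the arguments of one SSLProtocol line."""
    canon = {p.lower(): p for p in all_protocols}
    enabled, warnings = set(), []
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[1:] if action else token
        if name.lower() == "all":
            chosen = set(all_protocols)
        elif name.lower() in canon:
            chosen = {canon[name.lower()]}
        else:
            raise ValueError(f"unknown protocol {name!r}")
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:
            # A bare name replaces the set built so far, as seen in the thread.
            if enabled:
                warnings.append(
                    f"bare '{name}' discards {sorted(enabled)}; missing '+'?")
            enabled = set(chosen)
    return enabled, warnings

def audit(config_text, all_protocols=DEFAULT_ALL):
    """Return [(line_no, enabled, warnings)] for every SSLProtocol directive."""
    results = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:
            enabled, warnings = effective_protocols(m.group(1), all_protocols)
            results.append((no, enabled, warnings))
    return results

# Constructed sample: the three variants quoted in the message above.
SAMPLE = """\
# constructed sample config
SSLProtocol TLSv1 SSLv3
SSLProtocol SSLv3 TLSv1
SSLProtocol TLSv1 +SSLv3
"""

if __name__ == "__main__":
    for no, enabled, warnings in audit(SAMPLE):
        print(no, sorted(enabled), warnings)
```
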
