Re: SSL handshake failure after httpd upgrade to 2.4.12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You should share your SSLCiphersuite and SSLProtocol values first, besides that version of openssl is quite lacking regarding the availability of ciphers and protocols.

2015-07-30 5:37 GMT+02:00 Sunil R <dexterseven@xxxxxxxxx>:

I’m trying to upgrade the Apache version from httpd 2.2.25 to 2.4.12. Im building apache with the same openssl version 0.9.8.After the upgrade I see that the openssl s_client query to the server fails with error:

[Mon Jul 27 02:57:47.982584 2015] [ssl:info] [pid 22460:tid 1943075728] SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

 

The openssl client version is Openssl 0.9.8g ( OpenSSL/FIPS). In the httpd config file I have disabled SSLv2 and SSLv3.

When I enable debug options on the s_client this is the output:

 

Linux# /isan/bin/openssl s_client -connect localhost:443 -debug -state -msg

CONNECTED(00000003)

SSL_connect:before/connect initialization

write to 0x9d606b0 [0x9d61678] (124 bytes => 124 (0x7C))

0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00   .z....Q... ..9..

0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............

0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03   ..3..2../.......

0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00   ................

0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08   ......@.........

0050 - 00 00 06 04 00 80 00 00-03 02 00 80 68 fd d4 c6   ............h...

0060 - 77 4c 5e ef 2f 41 d4 18-e6 f8 6d d3 9e 8c b2 2d   wL^./A....m....-

0070 - b4 81 83 fd c7 63 f6 8b-fe 26 e9 97               .....c...&..

>>> SSL 2.0 [length 007a], CLIENT-HELLO

    01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00

    00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00

    33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80

    00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00

    00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00

    06 04 00 80 00 00 03 02 00 80 68 fd d4 c6 77 4c

    5e ef 2f 41 d4 18 e6 f8 6d d3 9e 8c b2 2d b4 81

    83 fd c7 63 f6 8b fe 26 e9 97

SSL_connect:SSLv2/v3 write client hello A

read from 0x9d606b0 [0x9d66bd8] (7 bytes => 0 (0x0))

7175:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Linux#

 

The SSL handshake goes through fine in these cases:

1.When I enable SSLv3, the query goes through fine.

2. When I force the TLSv1 in the s_client query.

3. With the older httpd version 2.2.25

Is this intentional, to honor the disable SSLv3 configured?

Please help me let know what could be the issue? Let me know if any other details are needed.

Thx,
DS



--
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux