Hello,

I've set up Apache 2.4.27 with mod_dav, running on Windows 2012 on an Apache Haus build. All of my WebDAV clients authenticate OK to it, except for one.

When this WebDAV client connects to Apache 2.4.27 built with OpenSSL 1.1.0f, Wireshark captures the following packet right after 'Client Hello':

'Alert (level: Fatal, Description: Handshake Failure)'

Wireshark doesn't show any 'Handshake Failure' packets when it connects to Apache 2.4.27/OpenSSL 1.0.2l, but it doesn't establish an SSL/TLS session to that either.
The 'Client Hello' packet for the client is as follows:

_______________________________________________________________________
No. Time                    Source         Destination    Length Protocol Src Prt Dst Prt Info
4   2017-07-25 14:58:26.128 xxx.xxx.xxx.xx xxx.xxx.xxx.xx 180    SSLv2    62572   443     Client Hello

Frame 4: 180 bytes on wire (1440 bits), 92 bytes captured (736 bits) on interface 0
Null/Loopback
Internet Protocol Version 4, Src: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx), Dst: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx)
Transmission Control Protocol, Src Port: 62572 (62572), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 48
Secure Sockets Layer
    SSLv2 Record Layer: Client Hello
        [Version: SSL 2.0 (0x0002)]
        Length: 46
        Handshake Message Type: Client Hello (1)
        Version: SSL 3.0 (0x0300)
        Cipher Spec Length: 21
        Session ID Length: 0
        Challenge Length: 16
        Cipher Specs (7 specs)
            Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
            Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
            Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
            Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
            Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
            Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
            Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
        Challenge
_______________________________________________________________________

I've even configured httpd-ssl.conf with the following with no luck:

# old configuration, tweak to your needs
SSLProtocol all
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off

Has anyone else encountered something like this?

Todd

--
Todd Blum
http://www.toddblum.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
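
Added example, not part of the original post: a small Python parser for the SSLv2-format Client Hello layout shown in the capture above, which separates the TLS-style cipher specs from the SSLv2-only ones. The function names are hypothetical, and the sample record is constructed from the field values in the capture; its challenge bytes are placeholder zeros because the capture does not show them.

```python
import struct

# Names for the cipher-spec codes listed in the capture above.
SPEC_NAMES = {
    0x00000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x000013: "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x000005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000004: "TLS_RSA_WITH_RC4_128_MD5",
    0x010080: "SSL2_RC4_128_WITH_MD5",
    0x0700C0: "SSL2_DES_192_EDE3_CBC_WITH_MD5",
    0x0000FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def parse_sslv2_client_hello(data: bytes) -> dict:
    """Parse an SSLv2-format Client Hello record (2-byte header form)."""
    if len(data) < 2 or not data[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    length = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + length]
    if len(body) != length or length < 9:
        raise ValueError("truncated record")
    msg_type, version, spec_len, sid_len, chal_len = struct.unpack(">BHHHH", body[:9])
    if msg_type != 1:
        raise ValueError("not a Client Hello")
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != length:
        raise ValueError("inconsistent length fields")
    specs = [int.from_bytes(body[9 + i:12 + i], "big") for i in range(0, spec_len, 3)]
    return {
        "record_length": length,
        "version": version,
        "challenge_length": chal_len,
        # A zero first byte means a 2-byte SSLv3/TLS suite code padded to 3 bytes.
        "tls_style": [SPEC_NAMES.get(s, hex(s)) for s in specs if s >> 16 == 0],
        "sslv2_only": [SPEC_NAMES.get(s, hex(s)) for s in specs if s >> 16 != 0],
    }

def build_sample() -> bytes:
    """Constructed record using the field values shown in the capture."""
    codes = [0x00000A, 0x000013, 0x000005, 0x000004, 0x010080, 0x0700C0, 0x0000FF]
    specs = b"".join(c.to_bytes(3, "big") for c in codes)
    challenge = bytes(16)  # placeholder: the capture does not show the challenge
    body = struct.pack(">BHHHH", 1, 0x0300, len(specs), 0, len(challenge)) + specs + challenge
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

if __name__ == "__main__":
    print(parse_sslv2_client_hello(build_sample()))
```

The constructed record is 48 bytes, matching the TCP payload length in the capture (2-byte header plus the 46-byte record).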