connecting client tlsv1.0 to apache proxy tlsv1.1/tlsv1.2 is missing TLS-alert on close

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

English is my second language and I'm sorry for any kind of misspelling or
wrong formulation. 

This is the first time I'm posting here so I would appreciate any kind of
advice concerning my form of writing this message :)

The problem I'm facing right now is rather easy to set up. I have an apache
server which should act as a proxy server. 

So for the ssl settings I've got this:

	SSLCipherSuite " ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256  ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA "
	SSLProxyCipherSuite " ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256  ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA "
	SSLHonorCipherOrder on 
	SSLCompression off
	SSLProtocol -all +TLSv1.1 +TLSv1.2
	SSLProxyProtocol -all +TLSv1.1 +TLSv1.2

And I've defined a VirtualHost:
<VirtualHost *:443>
	DocumentRoot "C:/PEGK/xamppAP2429/htdocs"
    	ServerName   test.localhost
    	ServerAdmin  dummy@xxxxxxxxx
	
	SSLEngine On
    SSLCertificateFile "conf/ssl.crt/reg.crt"
	SSLCertificateKeyFile "conf/ssl.key/reg.key" 
	
	<IfModule headers_module>
		Header always set Strict-Transport-Security
"max-age=16070400; includeSubDomains"
	</IfModule>
	
	<IfModule proxy_module>
		ProxyRequests   Off
		SSLProxyEngine on
	
		ProxyPass /webstats !
		ProxyPass /server-status !
		ProxyPass /server-csinfo !
		ProxyPass /maintenance !
		ProxyPass /server-info !
		ProxyPass /cs-adm !
		ProxyPass /error !
	
		ProxyPass /         https://127.0.0.1:8801/
		ProxyPassReverse /  https://127.0.0.1:8801/
	
		SSLProxyCheckPeerCN off
		SSLProxyVerify off
		SSLProxyCheckPeerName off
		SSLProxyCheckPeerExpire off
		ProxyPreserveHost On
    </IfModule>
</VirtualHost>

When I try to connect to the apache via curl with something like this "curl
--tlsv1.0 --insecure https://test.localhost"; and trace the network
communication via wireshark you can see that the TLS-Alert is missing when
the connection is closed. I added a screenshot in the attachements.

The Problem occurs on Windows (with XAMPP) and on linux openSUSE with the
latest stable version 2.4.29. 

I've searched the web via google focused on terms "apache, tlsv1 -1.2 and
tls alerts" but I didn't find anything helpful. Does anybody knows this
Problem or could give me some advice solving it? 

Thank you for your help in advance!

Sincerely 
Michael

Attachment: wireshark_screen.jpg
Description: JPEG image

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux