Why httpd-2.4.46 server not working with TLSv1.2?


 



Hello,
I have installed Apache 2.4.46 from the source code. I have also installed OpenSSL 1.1.1c from the source code in "/opt/openssl".

I used the following configuration while installing Apache:
========================
CFLAGS='-DSSL_EXPERIMENTAL_ENGINE -DSSL_ENGINE -DOPENSSL_LOAD_CONF' LDFLAGS=-Wl,-rpath=/opt/openssl/lib ./configure --prefix=/etc/apache2 --enable-ssl --with-ssl=/opt/openssl/ --with-pcre=/usr/local/pcre --enable-so
======================

My httpd-ssl.conf with the following configuration works fine with TLSv1.3:
======================
SSLCipherSuite AES128-SHA256
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
========================

However, if I try to use TLSv1.2, I get the following error:
==============================
xxx@xxx:~$ curl -k https://10.29.2.98 -verbose --tlsv1.2 --tls-max 1.2
*   Trying 10.29.2.98:443...
* Connected to 10.29.2.98 (10.29.2.98) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, bad record mac (532):
* error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
* Closing connection 0
curl: (35) error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
=================================

I also changed httpd-ssl.conf as follows:
=================
SSLCipherSuite AES128-SHA256
SSLHonorCipherOrder on
#SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2
=================

but I still get the same error:
===================
$curl -k https://10.29.2.98 -verbose
*   Trying 10.29.2.98:443...
* Connected to 10.29.2.98 (10.29.2.98) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS alert, bad record mac (532):
* error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
* Closing connection 0
curl: (35) error:140943FC:SSL routines:ssl3_read_bytes:sslv3 alert bad record mac
==================

Any help? Where did I make a mistake?

Thanks,
Shariful Alam



