I've been struggling with this issue on a couple of our Apache servers, but not all.
In the last week or two, Chrome has updated their browser and that is when some users
started to experience SSLProtocol error in the browser. Nothing is logged on the server with normal warn level of logging set.
We have found three ways to dodge the error. In chrome the feature ML-KEM
can be changed from Default to Disabled, and then it is fine. Alternatively, the
SSLProtocol in apache configuration can be set to only TLS 1.2 and then Chrome
can load the site. Or Alternatively the site can be used with Firefox and it is fine
even while TLS 1.3 is in effect.
I've run through a lot of diagnosis with ChatGPT and tried a lot of options for CipherSuite
and SSLOpenSSLConfCmd . Nothing on that level has helped. We have a lot of Apache servers where nothing too elaborate has been configured for SSLCipherSuite and they don't exhibit any problem.
Earlier I did find one of our sites had an unconfigured <VirtualHost _default_:443>
setup, and once I removed that, then it resolved this issue. For the sites having a problem today, I am unable to find any config junk that could be similar.
The site gets an A+ at SSL Qualsys Labs SSL test and I don't see any issues flagged in the detailed break down.
I've seen the problem in Apache 2.4.62 on Debian 12, and also in Apache 2.4.62 for Windows built by the Apache Lounge project.
I have other servers with Apache and there are no problems in the same Chrome from them.
It's a bizarre set of circumstances to troubleshoot. It might be the case that like the system with the leftover _default_:443 VirtualHost, there is another sort of config error that can cause these SSL Protocol problems now, and only recently, and only in Chrome (or maybe Edge).
I'm running out of ideas of things to check. Has no one else run into this since Nov 12th or so?