Hello,
I've set up Apache 2.4.27 with mod_dav, running on Windows 2012 on an
Apache Haus build. All of my WebDAV clients authenticate OK to it, except
for one.
When this WebDAV client connects to Apache 2.4.27 built with OpenSSL
1.1.0f, Wireshark captures the following packet right after 'Client
Hello':
'Alert (level: Fatal, Description: Handshake Failure)'
Wireshark doesn't show any 'Handshake Failure' packets when it connects
to Apache 2.4.27/OpenSSL 1.0.2l, but it doesn't establish an SSL/TLS
session to that either.
The 'Client Hello' packet for the client is as follows:
_______________________________________________________________________
No.  Time                     Source          Destination     Length  Protocol  Src Prt  Dst Prt  Info
4    2017-07-25 14:58:26.128  xxx.xxx.xxx.xx  xxx.xxx.xxx.xx  180     SSLv2     62572    443      Client Hello
Frame 4: 180 bytes on wire (1440 bits), 92 bytes captured (736 bits) on interface 0
Null/Loopback
Internet Protocol Version 4, Src: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx), Dst: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx)
Transmission Control Protocol, Src Port: 62572 (62572), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 48
Secure Sockets Layer
    SSLv2 Record Layer: Client Hello
        [Version: SSL 2.0 (0x0002)]
        Length: 46
        Handshake Message Type: Client Hello (1)
        Version: SSL 3.0 (0x0300)
        Cipher Spec Length: 21
        Session ID Length: 0
        Challenge Length: 16
        Cipher Specs (7 specs)
            Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
            Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
            Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
            Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
            Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
            Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
            Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
        Challenge
_______________________________________________________________________
I've even configured httpd-ssl.conf with the following with no luck:
# old configuration, tweak to your needs
SSLProtocol all
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
Has anyone else encountered something like this?
Todd
--
Todd Blum
http://www.toddblum.org
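
Added example, not part of the original message: a Python sketch that rebuilds the SSLv2-format Client Hello from the field values in the capture above, parses it back, and checks which offered suites survive the `!` exclusions in the posted SSLCipherSuite line. The function names, the keyword tags (a simplified model of OpenSSL cipher-string keywords) and the all-zero challenge bytes are assumptions made for the example.

```python
import struct

# OpenSSL names and keyword tags for the SSLv3/TLS codes seen in the capture.
# The tags are a simplified model of cipher-string keywords (assumption).
SUITES = {
    0x00000A: ("DES-CBC3-SHA", {"3DES", "SHA1", "kRSA", "aRSA"}),
    0x000013: ("EDH-DSS-DES-CBC3-SHA", {"3DES", "SHA1", "kDHE", "aDSS"}),
    0x000005: ("RC4-SHA", {"RC4", "SHA1", "kRSA", "aRSA"}),
    0x000004: ("RC4-MD5", {"RC4", "MD5", "kRSA", "aRSA"}),
}

def build_hello(version, specs, challenge):
    """Encode an SSLv2-format Client Hello (2-byte record header, no padding)."""
    body = struct.pack(">BHHHH", 1, version, 3 * len(specs), 0, len(challenge))
    body += b"".join(s.to_bytes(3, "big") for s in specs) + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_hello(data):
    """Return (version, [3-byte cipher spec codes]) from an SSLv2-format hello."""
    (hdr,) = struct.unpack_from(">H", data)
    if not hdr & 0x8000 or (hdr & 0x7FFF) != len(data) - 2:
        raise ValueError("not a complete 2-byte-header SSLv2 record")
    mtype, version, clen, slen, chlen = struct.unpack_from(">BHHHH", data, 2)
    if mtype != 1 or clen % 3 or 11 + clen + slen + chlen != len(data):
        raise ValueError("malformed Client Hello")
    specs = [int.from_bytes(data[i:i + 3], "big") for i in range(11, 11 + clen, 3)]
    return version, specs

def usable_suites(specs, cipher_string):
    """Names of offered SSLv3/TLS suites that no '!' token in cipher_string removes."""
    banned = {t[1:] for t in cipher_string.split(":") if t.startswith("!")}
    keep = []
    for code in specs:
        # SSLv2-only specs (non-zero first byte) and the SCSV signal are never negotiable.
        if code >> 16 or code not in SUITES:
            continue
        name, tags = SUITES[code]
        if name not in banned and not tags & banned:
            keep.append(name)
    return keep

# Constructed input: field values from the capture, challenge bytes made up.
CAPTURED_SPECS = [0x0A, 0x13, 0x05, 0x04, 0x010080, 0x0700C0, 0xFF]
HELLO = build_hello(0x0300, CAPTURED_SPECS, bytes(16))
# '!' tokens copied from the SSLCipherSuite line in the message.
EXCLUSIONS = "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP"

if __name__ == "__main__":
    version, specs = parse_hello(HELLO)
    print(hex(version), usable_suites(specs, EXCLUSIONS))
```

Under this model the only suite the client and the posted cipher string share is DES-CBC3-SHA, because `!DES` removes single DES and leaves 3DES alone. The handshake then depends on the OpenSSL build behind Apache still providing 3DES and on the protocol version the client asks for (0x0300) being enabled.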