[users@httpd] connecting client tlsv1.0 to apache proxy tlsv1.1/tlsv1.2 is missing TLS-alert on close

Tue, 09 Jan 2018 09:03:12 -0800 

Hi all,

English is my second language and I'm sorry for any kind of misspelling or
wrong formulation. 

This is the first time I'm posting here so I would appreciate any kind of
advice concerning my form of writing this message :)

The problem I'm facing right now is rather easy to set up. I have an apache
server which should act as a proxy server. 

So for the ssl settings I've got this:

        SSLCipherSuite " ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256  ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA "
        SSLProxyCipherSuite " ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256  ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA "
        SSLHonorCipherOrder on 
        SSLCompression off
        SSLProtocol -all +TLSv1.1 +TLSv1.2
        SSLProxyProtocol -all +TLSv1.1 +TLSv1.2

And I've defined a VirtualHost:
<VirtualHost *:443>
        DocumentRoot "C:/PEGK/xamppAP2429/htdocs"
        ServerName   test.localhost
        ServerAdmin  du...@arvato.de
        
        SSLEngine On
    SSLCertificateFile "conf/ssl.crt/reg.crt"
        SSLCertificateKeyFile "conf/ssl.key/reg.key" 
        
        <IfModule headers_module>
                Header always set Strict-Transport-Security
"max-age=16070400; includeSubDomains"
        </IfModule>
        
        <IfModule proxy_module>
                ProxyRequests   Off
                SSLProxyEngine on
        
                ProxyPass /webstats !
                ProxyPass /server-status !
                ProxyPass /server-csinfo !
                ProxyPass /maintenance !
                ProxyPass /server-info !
                ProxyPass /cs-adm !
                ProxyPass /error !
        
                ProxyPass /         https://127.0.0.1:8801/
                ProxyPassReverse /  https://127.0.0.1:8801/
        
                SSLProxyCheckPeerCN off
                SSLProxyVerify off
                SSLProxyCheckPeerName off
                SSLProxyCheckPeerExpire off
                ProxyPreserveHost On
    </IfModule>
</VirtualHost>

When I try to connect to the apache via curl with something like this "curl
--tlsv1.0 --insecure https://test.localhost"; and trace the network
communication via wireshark you can see that the TLS-Alert is missing when
the connection is closed. I added a screenshot in the attachements.

The Problem occurs on Windows (with XAMPP) and on linux openSUSE with the
latest stable version 2.4.29. 

I've searched the web via google focused on terms "apache, tlsv1 -1.2 and
tls alerts" but I didn't find anything helpful. Does anybody knows this
Problem or could give me some advice solving it? 

Thank you for your help in advance!

Sincerely 
Michael

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to