Hi,

I use ErrorDocument 400 "https://myserver:215" to achieve redirection to a secure connection for anyone who would access my server with just 'http://myserver:215'.
This works as long as there's SSLProtocol TLSv1.1 +TLSv1.2 specified in the configuration. However, when I change that to just SSLProtocol TLSv1.2, it stops working and the client gets "The connection was reset The connection to the server was reset while the page was loading." in their browser.

I guess this is because Apache calls different OpenSSL functions based on the config setting at
https://github.com/apache/httpd/blob/2f0f0d4e31bcf8b151ebc833ddd56c09dbff6462/modules/ssl/ssl_engine_init.c#L643
or
https://github.com/apache/httpd/blob/2f0f0d4e31bcf8b151ebc833ddd56c09dbff6462/modules/ssl/ssl_engine_init.c#L649
and I am not sure if this is something that could be dealt with within Apache.

Would you consider this worth logging a bug? Or would there be another way to achieve this?

Thanks!
P.

P.S.: This is on Solaris 11.4, x86, Apache 2.4.47, OpenSSL 1.0

My simplified config below:

ServerRoot "/usr/apache2/2.4"
Listen 215

<IfDefine prefork>
    LoadModule mpm_prefork_module libexec/mod_mpm_prefork.so
</IfDefine>
<IfDefine worker>
    LoadModule mpm_worker_module libexec/mod_mpm_worker.so
</IfDefine>
<IfDefine !prefork>
    <IfDefine !worker>
        LoadModule mpm_event_module libexec/mod_mpm_event.so
    </IfDefine>
</IfDefine>

LoadModule ssl_module libexec/mod_ssl-fips-140.so
LoadModule authz_core_module libexec/mod_authz_core.so
LoadModule unixd_module libexec/mod_unixd.so

<IfModule unixd_module>
    User webservd
    Group webservd
</IfModule>

ServerName 127.0.0.1

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/apache2/2.4/htdocs"
<Directory "/var/apache2/2.4/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "/var/apache2/2.4/logs/error_log"
LogLevel warn

<Directory "/var/apache2/2.4/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
</IfModule>

SSLEngine on
SSLProtocol TLSv1.1 +TLSv1.2
SSLCertificateFile /etc/certs/localhost/host.crt
SSLCertificateKeyFile /etc/certs/localhost/host.key
SSLCACertificateFile /etc/certs/localhost/host-ca/hostca.crt
SSLCertificateChainFile /etc/certs/localhost/host-ca/hostca.crt

ErrorDocument 400 "https://myserver:215"
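
Added example (not part of the original message and not Apache code): a small Python probe that sends a plaintext HTTP request to the TLS port and reports what comes back, so the behaviour under the two SSLProtocol settings described above can be compared without a browser. The function names and result labels are assumptions made for this example.

```python
import socket
import sys


def classify(data: bytes, reset: bool = False) -> str:
    """Classify the first bytes a TLS listener returned to a plaintext HTTP request."""
    if reset:
        return "reset"              # TCP reset: the browser's "connection was reset"
    if not data:
        return "closed"             # orderly close with no reply at all
    if data.startswith(b"HTTP/"):
        parts = data.split(b" ", 2)
        if len(parts) < 2:
            return "unknown"
        # e.g. "http-400": the server answered in plaintext, so an
        # ErrorDocument 400 response can reach the client
        return "http-" + parts[1].decode("ascii", "replace")
    # TLS record header: content type 0x15 (alert), protocol major version 0x03
    if len(data) >= 2 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Speak plain HTTP to host:port (expected to be a TLS port) and classify the reply."""
    request = b"GET / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            data = sock.recv(4096)
    except (ConnectionResetError, BrokenPipeError):
        return classify(b"", reset=True)
    except socket.timeout:
        return "timeout"
    return classify(data)


if __name__ == "__main__":
    # Usage: python probe.py myserver 215
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it once with each SSLProtocol line in place and compare the two results.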