[openssl-users] Apache/OpenSSL1.1 sending Fatal, Description: Handshake Failure' packet to WebDAV client
Todd Blum
todd at toddblum.org
Thu Jul 27 19:49:02 UTC 2017
Hello,
I have an Apache 2.4.27/OpenSSL1.1.0f server running with mod_dav enabled.
One of my WebDAV clients can't connect to it, but all other WebDAV clients
(WinSCP, etc.) are connecting OK.
Apache sends a 'Handshake Failure' immediately:
No. Time Source Destination
Length Protocol Src Prt Dst Prt Info
4 2017-07-24 22:38:38.516 xxx.xxx.xxx.xx yyy.yyy.yyy.yy
180 SSLv2 52883 443 Client Hello
5 2017-07-24 22:38:38.516 yyy.yyy.yyy.yy xxx.xxx.xxx.xx
84 TCP 443 52883 443→52883 [ACK] Seq=1 Ack=49 Win=525568
Len=0
6 2017-07-24 22:38:38.525 yyy.yyy.yyy.yy xxx.xxx.xxx.xx
98 SSLv3 443 52883 Alert (Level: Fatal, Description:
Handshake Failure)
The client's 'Client Hello' packet is as follows:
No. Time Source Destination
Length Protocol Src Prt Dst Prt Info
4 2017-07-25 14:58:26.128 xxx.xxx.xxx.xx xxx.xxx.xxx.xx
180 SSLv2 62572 443 Client Hello
Frame 4: 180 bytes on wire (1440 bits), 92 bytes captured (736 bits) on
interface 0
Null/Loopback
Internet Protocol Version 4, Src: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx), Dst:
xxx.xxx.xxx.xx (xxx.xxx.xxx.xx)
Transmission Control Protocol, Src Port: 62572 (62572), Dst Port: 443
(443), Seq: 1, Ack: 1, Len: 48
Secure Sockets Layer
SSLv2 Record Layer: Client Hello
[Version: SSL 2.0 (0x0002)]
Length: 46
Handshake Message Type: Client Hello (1)
Version: SSL 3.0 (0x0300)
Cipher Spec Length: 21
Session ID Length: 0
Challenge Length: 16
Cipher Specs (7 specs)
Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
Challenge
Has anyone else had anything like this?
Todd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170727/71cdb246/attachment.html>
More information about the openssl-users
mailing list