[openssl-users] Apache/OpenSSL1.1 sending Fatal, Description: Handshake Failure' packet to WebDAV client

Todd Blum todd at toddblum.org
Thu Jul 27 19:49:02 UTC 2017


I have an Apache 2.4.27/OpenSSL1.1.0f server running with mod_dav enabled.

One of my WebDAV clients can't connect to it, but all other WebDAV clients
(WinSCP, etc.) are connecting OK.

Apache sends a 'Handshake Failure' immediately:

No.     Time                    Source                Destination
Length Protocol Src Prt Dst Prt Info
      4 2017-07-24 22:38:38.516 xxx.xxx.xxx.xx        yyy.yyy.yyy.yy
 180    SSLv2    52883   443     Client Hello
      5 2017-07-24 22:38:38.516 yyy.yyy.yyy.yy        xxx.xxx.xxx.xx
 84     TCP      443     52883   443→52883 [ACK] Seq=1 Ack=49 Win=525568
      6 2017-07-24 22:38:38.525 yyy.yyy.yyy.yy        xxx.xxx.xxx.xx
 98     SSLv3    443     52883   Alert (Level: Fatal, Description:
Handshake Failure)

The client's 'Client Hello' packet is as follows:

No.     Time                    Source                Destination
Length Protocol Src Prt Dst Prt Info
      4 2017-07-25 14:58:26.128 xxx.xxx.xxx.xx        xxx.xxx.xxx.xx
 180    SSLv2    62572   443     Client Hello

Frame 4: 180 bytes on wire (1440 bits), 92 bytes captured (736 bits) on
interface 0
Internet Protocol Version 4, Src: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx), Dst:
xxx.xxx.xxx.xx (xxx.xxx.xxx.xx)
Transmission Control Protocol, Src Port: 62572 (62572), Dst Port: 443
(443), Seq: 1, Ack: 1, Len: 48
Secure Sockets Layer
    SSLv2 Record Layer: Client Hello
        [Version: SSL 2.0 (0x0002)]
        Length: 46
        Handshake Message Type: Client Hello (1)
        Version: SSL 3.0 (0x0300)
        Cipher Spec Length: 21
        Session ID Length: 0
        Challenge Length: 16
        Cipher Specs (7 specs)
            Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
            Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
            Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
            Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
            Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
            Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
            Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)

Has anyone else had anything like this?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170727/71cdb246/attachment.html>

More information about the openssl-users mailing list