[openssl-users] Apache/OpenSSL1.1 sending Fatal, Description: Handshake Failure' packet to WebDAV client
Benjamin Kaduk
bkaduk at akamai.com
Thu Jul 27 20:03:49 UTC 2017
On 07/27/2017 02:49 PM, Todd Blum wrote:
> SSLv2 Record Layer: Client Hello
SSLv2-compatible ClientHello is pretty old and probably unneeded
> [Version: SSL 2.0 (0x0002)]
> Length: 46
> Handshake Message Type: Client Hello (1)
> Version: SSL 3.0 (0x0300)
> Cipher Spec Length: 21
> Session ID Length: 0
> Challenge Length: 16
> Cipher Specs (7 specs)
> Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
> Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
> Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
> Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
> Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
> Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
> Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
> Challenge
All of those are pretty bad ciphers; can you update the client to use
better ones?
Otherwise you might have to do something like include @SECLEVEL=0 in the
cipher spec on the server to enable the weak ciphers.
-Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170727/8b26f3a4/attachment.html>
More information about the openssl-users
mailing list