[openssl-users] Apache/OpenSSL1.1 sending Fatal, Description: Handshake Failure' packet to WebDAV client

Benjamin Kaduk bkaduk at akamai.com
Thu Jul 27 20:03:49 UTC 2017

On 07/27/2017 02:49 PM, Todd Blum wrote:
>     SSLv2 Record Layer: Client Hello

SSLv2-compatible ClientHello is pretty old and probably unneeded

>         [Version: SSL 2.0 (0x0002)]
>         Length: 46
>         Handshake Message Type: Client Hello (1)
>         Version: SSL 3.0 (0x0300)
>         Cipher Spec Length: 21
>         Session ID Length: 0
>         Challenge Length: 16
>         Cipher Specs (7 specs)
>             Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
>             Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
>             Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
>             Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
>             Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
>             Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
>             Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
>         Challenge

All of those are pretty bad ciphers; can you update the client to use
better ones?

Otherwise you might have to do something like include @SECLEVEL=0 in the
cipher spec on the server to enable the weak ciphers.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170727/8b26f3a4/attachment.html>

More information about the openssl-users mailing list