0

I have a server running Ubuntu 16.0.4 with Apache 2.4.18 which seems to be rejecting requests from certain clients. I have another server with Apache 2.4.7 that accepts the same request w/o error. If I run the request thru a proxy like Runscope I get back a result. If I request just a simple php file I will get the error. I have loglevel set to debug but server is not showing the request at all. I have set LimitRequestLine 100000 and AllowEncodedSlashes On as the URL I'm requesting does include an encoded URL. However, if I remove all passed params it still fails.

It appears to be a handshake issue.

[MacBook-Pro-2:~] admin% openssl s_client -connect www2.nrgsoft.com:443 CONNECTED(00000003) 3519:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_lib.c:185:

The cert appears to be OK when I check with a site like SSLLabs. https://www.ssllabs.com/ssltest/analyze.html?d=www2.nrgsoft.com

My Mac has OpenSSL 0.9.8zh 14 Jan 2016 while the server is OpenSSL 1.0.2g 1 Mar 2016.

andyknas
  • 113
  • 1
  • 7

1 Answers1

0

I have the same behaviour on a batch process that make a download, csv file, from an external apache server with ssl, after thay update from 2.3 to 2.4 version and they disable some old encryption types. The only way to get back to work was upgrading the openssl version of the server that make the ssl connection in that batch process. I found an comunity version of openssl that works, i don't know if this works for you but maybe helps to find a way.

Gabriel Orlando
  • 16
  • 1
  • The server did have the latest version of OpenSSL. I ended up adjusting the ssl.conf file in mods-available so that it matched the previous server and was then able to connect. Something in the default config wasn't allowing connection from some versions of OpenSSL on Mac OS. CURL worked, Safari worked, but something in the base library was askew... – andyknas Jul 12 '17 at 14:12