Find the answer to your Linux question:
Results 1 to 1 of 1
As would be clear from the post header, i am trying for an insecure SSL renegotiaion as my SSL client does not have support for the latest TLS renegotiation vulnerability ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2010
    Posts
    1

    Arrow SSL renegotiation failing even after enabling SSLInsecureRenegotiation directive.


    As would be clear from the post header, i am trying for an insecure SSL renegotiaion as my SSL client does not have support for the latest TLS renegotiation vulnerability (CVE-2009-3555).

    My server configuration :
    server:- Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a
    Platform: Ubuntu 10.04.1 LTS

    The problem is my handshake goes through successfully, but in application data stage client initiates the renegotiation upon which i get thrown an error and the connection terminates. I did enable SSLInsecureRenegotiation directive, but the error persists.

    Error as received on the client side ( as interpreted by the client) is EOF (does not convey much). But the same client when connected to the earlier version of APACHE - 2.0.47 works pretty fine.

    Error on server side corresponding to my client request in error.log represents :
    [Fri Sep 03 16:19:16 2010] [error] [client 10.225.171.98] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /index.html
    [Fri Sep 03 16:19:38 2010] [error] [client 10.225.171.98] rejecting client initiated renegotiation

    SSL conf file (vhost configuration in httpd-ssl.conf ) : attached as a separate attachment [httpd-ssl.txt]

    Can you guys, help me with this ?
    Am i missing something on the server config part or not using the SSLInsecureRenegotiation directive correctly ?

    Hope to get some pointers,
    Gaurav
    Attached Files Attached Files

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •