Apache + OpenSSL Trouble

Since updating to OpenSSL 1.0.0, my Apache22 server does not work properly anymore and Firefox returns the following error message:

Code:
An error occurred during a connection to www.xxx.xxx.

SSL received a record with an incorrect Message Authentication Code.

(Error code: ssl_error_bad_mac_read)

I have rebuilt the certificate and also tested it with www/hiawatha, where it works correctly. There are no error log messages in the Apache logs, nor in /var/log/messages.

Does anybody have a clue on what's going on?
 
I'm presuming that this is the security/openssl port, rather than the base system openssl?

If so, would rebuilding Apache22 / mod_ssl with different make (make.conf(5)) settings - i.e. using the base system openssl - be acceptable?

---

If you really need to troubleshoot this, it does not make sense that Apache is not logging the problem. Make sure you've set at least LogLevel info and that you're looking at the right error log. (It may be in a different virtualhost than you are expecting, or it may be that SSL connections have their own virtualhost container.)
 
Yes, you are right. It is an issue with security/openssl. Actually, I can confirm that the trouble lies in the configuration of www/apache22. After removing

Code:
SSLCipherSuite RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

from the config file, everything worked fine again. Hence, there must be one of those ciphers which is incompatible with the new OpenSSL.

Anyway, thank you very much for your comments.
 
The default is

Code:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

and it works fine with openssl-1.0.0.
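
An added example (not part of any post in this thread): a small Python check that reads the two SSLCipherSuite strings quoted above by OpenSSL's cipher-string rules, where a leading `+` only moves suites already in the list to the end and never adds any. The weak-keyword set and the function names are assumptions of this sketch, and classification is by selector name only; the exact expansion on a given build is what `openssl ciphers -v '<string>'` prints.

```python
import re

# Assumed set of keywords that select weak or obsolete suites in a cipher string.
WEAK = {"SSLv2", "EXP", "EXPORT", "EXPORT40", "EXPORT56", "LOW", "DES",
        "RC4", "MD5", "eNULL", "NULL", "aNULL", "ADH"}
OPS = {"!": "kill", "-": "remove", "+": "reorder"}

def parse(cipher_string):
    """Return (operator, selector) pairs in the order OpenSSL applies them."""
    pairs = []
    # Colons are the usual separator; commas and spaces are also accepted.
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if not tok or tok.startswith("@"):      # skip empties and @STRENGTH
            continue
        op = OPS.get(tok[0], "add")
        pairs.append((op, tok[1:] if op != "add" else tok))
    return pairs

def audit(cipher_string):
    """Classify selectors by what they do to the list, judged by name only."""
    report = {"weak_added": [], "weak_reorder_only": [],
              "killed": [], "broad": False}
    killed = set()
    for op, sel in parse(cipher_string):
        parts = sel.split("+")                   # "RC4+RSA" means RC4 AND RSA
        weak = any(k in WEAK for k in parts)
        if op == "kill":                         # "!X" removes X permanently
            killed.add(sel)
            report["killed"].append(sel)
        elif op == "add" and sel == "ALL":       # broad selector, review by hand
            report["broad"] = True
        elif op == "add" and weak and not any(k in killed for k in parts):
            report["weak_added"].append(sel)
        elif op == "reorder" and weak:           # "+X" adds nothing by itself
            report["weak_reorder_only"].append(sel)
    return report

# The two strings quoted in the thread.
CUSTOM = "RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
DEFAULT = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"

if __name__ == "__main__":
    for name, s in (("custom", CUSTOM), ("default", DEFAULT)):
        print(name, audit(s))
```

Read by these rules, the shorter string adds only the RC4+RSA selector, while the default starts from ALL and then reorders.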
 