Getting 'Fatal Handshake Failure' with WebDAV client

Todd Blum
Hello,

I've set up Apache 2.4.27 with mod_dav, running on Windows 2012 on an
Apache Haus build.  All of my WebDAV clients authenticate OK to it, except
for one.

When this WebDAV client connects to Apache 2.4.27 built with OpenSSL
1.1.0f, Wireshark captures the following packet right after 'Client
Hello':

'Alert (level: Fatal, Description: Handshake Failure)'

Wireshark doesn't show any 'Handshake Failure' packets when it connects
to Apache 2.4.27/OpenSSL 1.0.2l, but it doesn't establish an SSL/TLS
session to that either.

The 'Client Hello' packet for the client is as follows:
_______________________________________________________________________

No.     Time                    Source                Destination           Length Protocol Src Prt Dst Prt Info
      4 2017-07-25 14:58:26.128 xxx.xxx.xxx.xx        xxx.xxx.xxx.xx        180    SSLv2    62572   443     Client Hello

Frame 4: 180 bytes on wire (1440 bits), 92 bytes captured (736 bits) on interface 0
Null/Loopback
Internet Protocol Version 4, Src: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx), Dst: xxx.xxx.xxx.xx (xxx.xxx.xxx.xx)
Transmission Control Protocol, Src Port: 62572 (62572), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 48
Secure Sockets Layer
     SSLv2 Record Layer: Client Hello
         [Version: SSL 2.0 (0x0002)]
         Length: 46
         Handshake Message Type: Client Hello (1)
         Version: SSL 3.0 (0x0300)
         Cipher Spec Length: 21
         Session ID Length: 0
         Challenge Length: 16
         Cipher Specs (7 specs)
             Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
             Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
             Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
             Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
             Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
             Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
             Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)
         Challenge
_______________________________________________________________________


I've even configured httpd-ssl.conf with the following with no luck:

# old configuration, tweak to your needs
SSLProtocol             all
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP
SSLHonorCipherOrder     on
SSLCompression          off
SSLSessionTickets       off

Has anyone else encountered something like this?

Todd

--
Todd Blum
http://www.toddblum.org
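
Added example, not part of the post above and not Apache or OpenSSL code: a Python sketch that rebuilds the SSLv2-format Client Hello from the field values in the capture (the challenge bytes are constructed), parses it, and filters the offered cipher specs through the `!` exclusions of the posted SSLCipherSuite value. The keyword tags in `SPECS` and all function names are assumptions, and the matching is a simplified model of cipher-string exclusion; whether the server build enables SSL 3.0 or 3DES at all is outside what it checks.

```python
import struct

# Wireshark names from the capture, tagged with the cipher-string keywords
# (spelled as in the posted SSLCipherSuite) that match each spec. Assumed tags.
SPECS = {
    0x00000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"DES-CBC3-SHA", "3DES"}),
    0x000013: ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", {"EDH-DSS-DES-CBC3-SHA", "3DES"}),
    0x000005: ("TLS_RSA_WITH_RC4_128_SHA", {"RC4-SHA", "RC4"}),
    0x000004: ("TLS_RSA_WITH_RC4_128_MD5", {"RC4-MD5", "RC4", "MD5"}),
    0x010080: ("SSL2_RC4_128_WITH_MD5", {"SSLv2"}),
    0x0700C0: ("SSL2_DES_192_EDE3_CBC_WITH_MD5", {"SSLv2"}),
    0x0000FF: ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", {"SCSV"}),
}
# The '!' exclusions copied from the posted SSLCipherSuite value.
POSTED_EXCLUSIONS = ("!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:"
                     "!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP")

def build_sample_hello():
    """Rebuild the record from the capture's field values (constructed challenge)."""
    specs = b"".join(code.to_bytes(3, "big") for code in SPECS)
    body = struct.pack(">BHHHH", 1, 0x0300, len(specs), 0, 16) + specs + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_v2_client_hello(record):
    """Parse an SSLv2-format Client Hello (2-byte record header, high bit set)."""
    (hdr,) = struct.unpack_from(">H", record, 0)
    if not hdr & 0x8000:
        raise ValueError("not a 2-byte-header SSLv2 record")
    length = hdr & 0x7FFF
    body = record[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated record")
    msg_type, version, cs_len, sid_len, ch_len = struct.unpack_from(">BHHHH", body, 0)
    if msg_type != 1 or cs_len % 3 or 9 + cs_len + sid_len + ch_len != length:
        raise ValueError("malformed Client Hello")
    codes = [int.from_bytes(body[9 + i:12 + i], "big") for i in range(0, cs_len, 3)]
    return {"length": length, "version": version, "codes": codes, "challenge_len": ch_len}

def negotiable(codes, cipher_string):
    """Offered specs that survive the '!' exclusions of an SSLCipherSuite string."""
    banned = {tok[1:] for tok in cipher_string.split(":") if tok.startswith("!")}
    banned |= {"SSLv2", "SCSV"}  # SSLv2-only specs and the SCSV marker are never negotiated
    return [SPECS[c][0] for c in codes if c in SPECS and not SPECS[c][1] & banned]

if __name__ == "__main__":
    hello = parse_v2_client_hello(build_sample_hello())
    print(hex(hello["version"]), negotiable(hello["codes"], POSTED_EXCLUSIONS))
```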

