Getting 'Fatal Handshake Failure' with WebDAV client

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Getting 'Fatal Handshake Failure' with WebDAV client

Todd Blum

I've set up Apache 2.4.27 with mod_dav, running on Windows 2012 on an
Apache Haus build.  All of my WebDAV clients authenticate OK to it, except
for one.

When this WebDAV client connects to Apache 2.4.27 built with OpenSSL
1.1.0f, Wireshark captures the following packet right after 'Client

'Alert (level: Fatal, Description: Handshake Failure)'

Wireshark doesn't show any 'Handshake Failure' packets when it connects
to Apache 2.4.27/OpenSSL 1.0.2l, but it doesn't establish an SSL/TLS
session to that either.

The 'Client Hello' packet for the client is as follows:

No.     Time                    Source                Destination
Length Protocol Src Prt Dst Prt Info
       4 2017-07-25 14:58:26.128
180    SSLv2    62572   443     Client Hello

Frame 4: 180 bytes on wire (1440 bits), 92 bytes captured (736 bits) on
interface 0
Internet Protocol Version 4, Src: (, Dst: (
Transmission Control Protocol, Src Port: 62572 (62572), Dst Port: 443
(443), Seq: 1, Ack: 1, Len: 48
Secure Sockets Layer
     SSLv2 Record Layer: Client Hello
         [Version: SSL 2.0 (0x0002)]
         Length: 46
         Handshake Message Type: Client Hello (1)
         Version: SSL 3.0 (0x0300)
         Cipher Spec Length: 21
         Session ID Length: 0
         Challenge Length: 16
         Cipher Specs (7 specs)
             Cipher Spec: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x00000a)
             Cipher Spec: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x000013)
             Cipher Spec: TLS_RSA_WITH_RC4_128_SHA (0x000005)
             Cipher Spec: TLS_RSA_WITH_RC4_128_MD5 (0x000004)
             Cipher Spec: SSL2_RC4_128_WITH_MD5 (0x010080)
             Cipher Spec: SSL2_DES_192_EDE3_CBC_WITH_MD5 (0x0700c0)
             Cipher Spec: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x0000ff)

I've even configured httpd-ssl.conf with the following with no luck:

# old configuration, tweak to your needs
SSLProtocol             all
SSLHonorCipherOrder     on
SSLCompression          off
SSLSessionTickets       off

Has anyone else encountered something like this?


Todd Blum

To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]