JBoss Core Services / JBCS-350

Enable SSLv3 does not work correctly in JBCS 2.4.23

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • httpd 2.4.23 GA
    • httpd, openssl
    • None
    • Steps to reproduce:
      • Unzip the jbcs-httpd24-httpd-2.4.23-RHEL6-x86_64.zip
      • Run the postinstall script
      • Modify the SSLProtocol to one of the ones that do not work: "SSLProtocol -all +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2"
      • Run the following command to connect using the SSLv3 protocol: "openssl s_client -connect localhost:443 -ssl3"

        # openssl s_client -connect localhost:443 -ssl3
        CONNECTED(00000003)
        140591244056392:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
        140591244056392:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
        ---
        no peer certificate available
        ---
        No client certificate CA names sent
        ---
        SSL handshake has read 7 bytes and written 0 bytes
        ---
        New, (NONE), Cipher is (NONE)
        Secure Renegotiation IS NOT supported
        Compression: NONE
        Expansion: NONE
        SSL-Session:
        Protocol : SSLv3
        Cipher : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: 1494863787
        Timeout : 7200 (sec)
        Verify return code: 0 (ok)

    Description

      When specifying one of the following SSLProtocol directives:

      SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
      SSLProtocol All +SSLv3
      SSLProtocol all +SSLv3
      SSLProtocol -all +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2

      The user cannot connect via the SSLv3 protocol. Only when specifying the following SSLProtocol directive were we able to connect via SSLv3:

      SSLProtocol +SSLv3

      Did not see the issue in JBCS httpd 2.4.6
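
An added example, not part of the original report: a shell helper that classifies `openssl s_client` output, so each protocol probe against a server can be checked mechanically when confirming which versions it really accepts. The function names and the second sample are constructed for illustration; the first sample is trimmed from the output in the report.

```shell
# Classify `openssl s_client` output read from stdin. Prints one of:
#   negotiated <protocol> <cipher> | refused alert=<n> | client-unsupported | unknown
classify_s_client() {
    awk '
        /[Uu]nknown option/       { unsupported = 1 }   # client built without this flag
        /SSL alert number [0-9]+/ { match($0, /SSL alert number [0-9]+/)
                                    alert = substr($0, RSTART + 17, RLENGTH - 17) }
        /^ *Protocol *:/          { sub(/^ *Protocol *: */, ""); proto = $0 }
        /^ *Cipher *:/            { sub(/^ *Cipher *: */, "");   cipher = $0 }
        END {
            if (unsupported)        print "client-unsupported"
            else if (cipher != "" && cipher != "0000" && cipher != "(NONE)")
                                    print "negotiated " proto " " cipher
            else if (alert != "")   print "refused alert=" alert
            else                    print "unknown"
        }'
}

# Probe host:port (argument 1) with each protocol flag and report the outcome.
probe_protocols() {
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        result=$(openssl s_client -connect "$1" "$flag" </dev/null 2>&1 | classify_s_client)
        printf '%s %s\n' "$flag" "$result"
    done
}

# Sample 1: the failed SSLv3 attempt from the report, trimmed.
sample_refused() {
    cat <<'EOF'
CONNECTED(00000003)
140591244056392:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
New, (NONE), Cipher is (NONE)
    Protocol  : SSLv3
    Cipher    : 0000
    Verify return code: 0 (ok)
EOF
}

# Sample 2 (constructed): what a completed SSLv3 handshake would look like.
sample_negotiated() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : SSLv3
    Cipher    : AES256-SHA
EOF
}

sample_refused | classify_s_client   # prints: refused alert=40
```

The classifier keys on the negotiated cipher and the alert number because `Verify return code: 0 (ok)` is printed even when the handshake fails, as in the report's output.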

          People

            gzaronik@redhat.com George Zaronikas
            rhn-support-hpham Hung Pham (Inactive)
            Marek Czernek Marek Czernek (Inactive)