https://bz.apache.org/bugzilla/show_bug.cgi?id=61824
Bug ID: 61824
Summary: TLS Alert is missing when client(TLSv1.0) trys to
connect to server(TLSv1.1/TLSv1.2)
Product: Apache httpd-2
Version: 2.4.29
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy_http
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 35556
--> https://bz.apache.org/bugzilla/attachment.cgi?id=35556&action=edit
Conf and Wireshark file
There's a problem when you have a virtual host proxy who uses the ssl engine
and is set to only use TLSv1.1 and TLSv1.2 and you try to connect with a client
who only uses TLSv1.0 with a TLSv1 Layer. When the client is trying to connect
to the server, the server is closing the connection but is not sending a TLS
Alert.
I will attach the used configuration for that part and a wireshark record.
The problem is also occuring on linux openSUSE.
Tested with curl (7.55.1 (x86_64-w64-mingw32) libcurl/7.55.1 OpenSSL/1.0.2l
zlib/1.2.11 libidn2/2.0.4 libssh2/1.8.0 nghttp2/1.23.1) and command "curl
--tlsv1.0 --insecure <address>"
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
