https://bz.apache.org/bugzilla/show_bug.cgi?id=69481

            Bug ID: 69481
           Summary: SSLCryptoDevice pkcs11 fails with HSM
           Product: Apache httpd-2
           Version: 2.4.37
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

With Apache 2.4.37 on RHEL 8.8, configured to use SSL with private key and
certificate found on HSM partition, Thales TCT Luna T-5000.  Configured with
p11kit and OpenSSL.

Client connections fail with "Error code: SSL_ERROR_INTERNAL_ERROR_ALERT"

Server is unable to support secure connections with this configuration; errors
are seen when connecting to the HSM.

NGINX v1.27.2 using OpenSSL/p11kit is functional, using same key/certificate
and HSM on same system.


Apache logs in messages:

Nov 27 10:55:24 101rhel systemd[1]: Started The Apache HTTP Server.
Nov 27 10:55:36 101rhel httpd[134807]: Server configured, listening on: port 443, port 80
Nov 27 10:55:47 101rhel httpd[134818]: Error message is : error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac
Nov 27 10:55:47 101rhel httpd[134818]: Error message is : error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
Nov 27 10:56:15 101rhel httpd[134817]: SSL Error is (5 : 104 )
