After the ALPN rewrite chromium/firefox/curl all refuse to connect to
httpd.

$ curl -kv https://127.0.0.1 
* Rebuilt URL to: https://127.0.0.1/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, Server hello (2):
* error:1400441A:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert decode error
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1400441A:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert decode error

$ curl -kv --no-alpn https://127.0.0.1
* Rebuilt URL to: https://127.0.0.1/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*  subject: CN=raz.jsg.id.au
*  start date: Jun  6 11:20:37 2017 GMT
*  expire date: Jun  6 11:20:37 2018 GMT
*  issuer: CN=raz.jsg.id.au
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.55.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 66
< Content-Type: text/html
< Date: Tue, 29 Aug 2017 06:39:29 GMT
< Last-Modified: Tue, 13 May 2014 10:14:13 GMT
< Server: OpenBSD httpd
< 
<html>
<body>
<h1>/var/www/htdocs/index.html</h1>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
