Hello everyone.
SUSE 11 SP1 on system Z is my SO environment.
Now we have an application that requires that only TLS protocol are enabled
when someone are invoking the url in https protocol (all TLS version TLSv1.2
included)
I've downloaded Apache http 2.4.2, libica2.2, openssl 1.1.c, and new version
of libibmca.so (openssl-ibmca-1.2).
First I've compiled libica, openssl and libibmca.
Then I've compiled apache with no problem and now the server is up and running.
It seems to support all the TLS protocol but if I include crypto devides and I
put SLCryptoDevice ibmca directive in my httpd.conf file, I can see that the
crypto in working property in I use TLSv1.0 or TLSv1.1, but if I use TLSv1.2 it
doesn't work and I find and error in my apache error.log file:
(without this directive I can use that protocol without any problem!)
This is my error:
[Thu Aug 16 11:21:25.825329 2012] [ssl:info] [pid 23914:tid 2199055702288] SSL
Library Error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac
I cannot understand where is the problem!
The new version of libibmca.so does not support TLSv1.2 or...
If I run ldd libibmca.so for my new version I can see:
1) libcrypto.so.1.0.0 => /opt/openssl/lib/libcrypto.so.1.0.0
(0x0000020000010000)
2)libc.so.6 => /lib64/libc.so.6 (0x000002000020e000)
3)libdl.so.2 => /lib64/libdl.so.2 (0x0000020000393000)
4)libz.so.1 => /lib64/libz.so.1 (0x0000020000398000)
5)/lib/ld64.so.1 (0x000002aaaaaaa000)
I cannot see libica as in the old version but I don't think it could be a
problem.
Can you help me???
Thanks in advance
Manuela Vorazzo
________________________________
*******************Internet Email Confidentiality Footer*******************
Qualsiasi utilizzo non autorizzato del presente messaggio nonch? dei suoi
allegati ? vietato e potrebbe costituire reato. Se ha ricevuto per errore il
presente messaggio, Le saremmo grati se ci inviasse, via e-mail, una
comunicazione al riguardo e provvedesse nel contempo alla distruzione del
messaggio stesso e dei suoi eventuali allegati. Le dichiarazioni contenute nel
presente messaggio nonche' nei suoi eventuali allegati devono essere attribuite
al mittente e non possono essere necessariamente considerate come autorizzate
da SIA S.p.A.; le medesime dichiarazioni non impegnano SIA S.p.A. nei confronti
del destinatario o di terzi. SIA S.p.A. non si assume alcuna responsabilita'
per eventuali intercettazioni, modifiche o danneggiamenti del presente
messaggio e-mail.
Any unauthorized use of this e-mail or any of its attachments is prohibited and
could constitute an offence. If you are not the intended addressee please
advise immediately the sender by using the reply facility in your e-mail
software and destroy the message and its attachments. The statements and
opinions expressed in this e-mail message are those of the author of the
message and do not necessarily represent those of SIA S.p.A. Besides, The
contents of this message shall be understood as neither given nor endorsed by
SIA S.p.A.. SIA S.p.A. does not accept liability for corruption, interception
or amendment, if any, or the consequences thereof.
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
