It appears now I've been bitten by this bug in Apache.  I run a pair of
reverse proxy servers on 12.04 using Apache.  I built these servers last
year and they were working fine up until last week when I ran a dist-
upgrade to update some packages (specifically apache2 and openssl) to
clear up some vulnerabilities identified in a PCI scan.  Since then, one
of the reverse proxies is unable to connect to an internal WebLogic
server due to SSL errors.  Using openssl s_client -connect fails, but
adding -tls1 works.

According to the Apache 2.2 documentation, I should be able to add
"SSLProxyProtocol All -SSLv2 -TLSv1.1 -TLSv1.2" to my reverse proxy
virtual server config, but it doesn't like the "-TLSv1.1 -TLSv1.2".
I've read that those options are only supported in Apache 2.4.

Now I'm basically stuck.  It appears Ubuntu 12.04 has made a change in
openssl that is impossible to work around in the version of Apache
provided in Ubuntu 12.04.  Downgrading openssl is not an option because
I specifically needed the current version to pass the PCI scan.  I've
asked about updating the WebLogic server, but considering it is a
PeopleSoft server, I suspect that is going to be a challenge.

-- 
https://bugs.launchpad.net/bugs/965371

Title:
  HTTPS requests fail on sites which immediately close the connection if
  TLS 1.1 negotiation is attempted, on Ubuntu 12.04
