https://bz.apache.org/bugzilla/show_bug.cgi?id=68863
Bug ID: 68863
Summary: Requests using a DH-key of 2048 bytes are blocked
since httpd/2.4.59
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: paolo.ganci@nevis-security.com
Target Milestone: ---
Created attachment 39648
--> https://bz.apache.org/bugzilla/attachment.cgi?id=39648&action=edit
The SSLCertificateFile and SSLCertificateKeyFile
After upgrading from httpd/2.4.58 to httpd/2.4.59 servers using a DH
certificate with a key size of 2048 bytes may not work any more.
I've got the following ssl configuration:
SSLEngine On
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite DH:!EXPORT56:RC4-MD5:DES-CBC3-SHA:EXP-RC4-MD5
SSLOptions +OptRenegotiate +StdEnvVars
SSLCertificateFile /home/paolo/test/server/keystore/test_2048.pem
SSLCertificateKeyFile /home/paolo/test/server/keystore/test_2048Key.pem
SSLInsecureRenegotiation off
SSLHonorCipherOrder on
SSLSessionTickets off
The OpenSSL version is
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
When starting apache with httpd/2.4.58 and connecting to it via openssl
s_client I get this:
openssl s_client -tls1_2 -connect localhost:44300
...
0:<Server certificate
0:<-----BEGIN CERTIFICATE-----
0:<MIIDODCCAiCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJDSDAe
0:<Fw0yNDA0MDUwODIzNTBaFw0yOTA0MDUwODIzNTBaMBgxFjAUBgNVBAMMDVNpbXBs
0:<ZVRlc3RSZXEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4qi13ZjCg
0:<nCESwyFmRmsq+qEtyxtq3J4vXU6mrGAvU8uq4xsdO//nxtHGvSDfiOHM2+id+NUF
0:<9Bn0PurGsGngzsSqTXzRR8nEa1AYklRkxxWl2s+4Zh5m4Lm4ifACs8fBitBDfVgV
0:<gcYx5+EHPKfbk9RIMeRAidC4EFqRiur9wDLxRPsnSyfpU/lfaHIK+GOYWvh8t4Dy
0:<iVwIC+21CezIG3IzKfAVDQ6eD+TD5VfsjK9zN1F/7D3en0Xdwkm0UAwjfg6jMX6v
0:<dAWkL0x7H0l9KNOTzKW7V9zkFR23+QRWHcvj7R8UTmDPw97kRDBeccfUN5PxsCor
0:<KWOGSRRbr6yjAgMBAAGjgZcwgZQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
0:<BsAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRg2+404TZzjbiZHaQ/lQBFCmg2gzBI
0:<BgNVHSMEQTA/gBRqPOYH/lexZ/vZ7u81zWU1vUvmYaERpA8wDTELMAkGA1UEBhMC
0:<Q0iCFBKEUv96DWJaCMf07DQb3qlaVsa1MA0GCSqGSIb3DQEBCwUAA4IBAQByukU1
0:<awslcvaPgVCaZi78Ch4KTPPMyKBlNkTE4Z1XQvoAbNXHrJvebloZ5Dro2yidjCq0
0:<FKqx0J6bY1xIIf+E/qHqsj5xcKr5RrE43PKpMLxc39zuGeXAf92BMHK+SwVctd9p
0:<ZZeB0ISp2hz4BYb2DGXOt+76bnAutnXQ9L5XAxMk3v75V1DaodqfRUZbTbiny0bB
0:<HD9HLFcKB+HRVXvfAOMBMl9yiz4NokUyUgbF6XJeh9H7JMuz4ZojJkz0ezzVhW/4
0:<t9B6lMcp9rOvNV6ZycgD8U/ToIgtRuCdvSmPCkhA+rCxUCRibra7BZW0rREZFSgo
0:<VA5KodiOcwsisSBd
0:<-----END CERTIFICATE-----
0:<subject=CN = SimpleTestReq
0:<issuer=C = CH
0:<---
0:<No client certificate CA names sent
0:<Peer signing digest: SHA256
0:<Peer signature type: RSA-PSS
0:<Server Temp Key: DH, 2048 bits
0:<---
0:<SSL handshake has read 1749 bytes and written 506 bytes
0:<Verification error: unable to verify the first certificate
0:<---
0:<New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
0:<Server public key is 2048 bit
0:<Secure Renegotiation IS supported
0:<No ALPN negotiated
0:<SSL-Session:
0:< Protocol : TLSv1.2
0:< Cipher : DHE-RSA-AES256-GCM-SHA384
0:< Session-ID:
0:< Session-ID-ctx:
0:< Master-Key:
98175FDC64B521BE80F5893CB0A46A066941454165A03F6BA3862E797E80BC4EFA1BBBD70304FCDD63C717D778C9B66F
0:< PSK identity: None
0:< PSK identity hint: None
0:< SRP username: None
0:< Start Time: 1712317986
0:< Timeout : 7200 (sec)
0:< Verify return code: 21 (unable to verify the first certificate)
0:< Extended master secret: yes
0:<---
OK
...
But when starting httpd/2.4.59, the connection fails:
openssl s_client -tls1_2 -connect localhost:44300
...
0:<---
0:<no peer certificate available
0:<---
0:<No client certificate CA names sent
0:<---
0:<SSL handshake has read 7 bytes and written 188 bytes
0:<Verification: OK
0:<---
0:<New, (NONE), Cipher is (NONE)
0:<Secure Renegotiation IS NOT supported
0:<No ALPN negotiated
0:<SSL-Session:
0:< Protocol : TLSv1.2
0:< Cipher : 0000
0:< Session-ID:
0:< Session-ID-ctx:
0:< Master-Key:
0:< PSK identity: None
0:< PSK identity hint: None
0:< SRP username: None
0:< Start Time: 1712320231
0:< Timeout : 7200 (sec)
0:< Verify return code: 0 (ok)
0:< Extended master secret: no
0:<---
...
The issue can be easily reproduced with the attached key and certificate.
Many thanks for fixing this issue.
PS: a small side note. When starting the server via openssl_s_server:
openssl s_server -port 44300 -cert
/home/paolo/test/server/keystore/test_2048.pem -key
/home/paolo/test/server/keystore/test_2048Key.pem -cipher
'DH:!EXPORT56:RC4-MD5:DES-CBC3-SHA:EXP-RC4-MD5'
Then the output of the openssl s_client command is the same like when using
httpd/2.4.58.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Bug ID: 68863
Summary: Requests using a DH-key of 2048 bytes are blocked
since httpd/2.4.59
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: bugs@httpd.apache.org
Reporter: paolo.ganci@nevis-security.com
Target Milestone: ---
Created attachment 39648
--> https://bz.apache.org/bugzilla/attachment.cgi?id=39648&action=edit
The SSLCertificateFile and SSLCertificateKeyFile
After upgrading from httpd/2.4.58 to httpd/2.4.59 servers using a DH
certificate with a key size of 2048 bytes may not work any more.
I've got the following ssl configuration:
SSLEngine On
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite DH:!EXPORT56:RC4-MD5:DES-CBC3-SHA:EXP-RC4-MD5
SSLOptions +OptRenegotiate +StdEnvVars
SSLCertificateFile /home/paolo/test/server/keystore/test_2048.pem
SSLCertificateKeyFile /home/paolo/test/server/keystore/test_2048Key.pem
SSLInsecureRenegotiation off
SSLHonorCipherOrder on
SSLSessionTickets off
The OpenSSL version is
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
When starting apache with httpd/2.4.58 and connecting to it via openssl
s_client I get this:
openssl s_client -tls1_2 -connect localhost:44300
...
0:<Server certificate
0:<-----BEGIN CERTIFICATE-----
0:<MIIDODCCAiCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJDSDAe
0:<Fw0yNDA0MDUwODIzNTBaFw0yOTA0MDUwODIzNTBaMBgxFjAUBgNVBAMMDVNpbXBs
0:<ZVRlc3RSZXEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4qi13ZjCg
0:<nCESwyFmRmsq+qEtyxtq3J4vXU6mrGAvU8uq4xsdO//nxtHGvSDfiOHM2+id+NUF
0:<9Bn0PurGsGngzsSqTXzRR8nEa1AYklRkxxWl2s+4Zh5m4Lm4ifACs8fBitBDfVgV
0:<gcYx5+EHPKfbk9RIMeRAidC4EFqRiur9wDLxRPsnSyfpU/lfaHIK+GOYWvh8t4Dy
0:<iVwIC+21CezIG3IzKfAVDQ6eD+TD5VfsjK9zN1F/7D3en0Xdwkm0UAwjfg6jMX6v
0:<dAWkL0x7H0l9KNOTzKW7V9zkFR23+QRWHcvj7R8UTmDPw97kRDBeccfUN5PxsCor
0:<KWOGSRRbr6yjAgMBAAGjgZcwgZQwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
0:<BsAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBRg2+404TZzjbiZHaQ/lQBFCmg2gzBI
0:<BgNVHSMEQTA/gBRqPOYH/lexZ/vZ7u81zWU1vUvmYaERpA8wDTELMAkGA1UEBhMC
0:<Q0iCFBKEUv96DWJaCMf07DQb3qlaVsa1MA0GCSqGSIb3DQEBCwUAA4IBAQByukU1
0:<awslcvaPgVCaZi78Ch4KTPPMyKBlNkTE4Z1XQvoAbNXHrJvebloZ5Dro2yidjCq0
0:<FKqx0J6bY1xIIf+E/qHqsj5xcKr5RrE43PKpMLxc39zuGeXAf92BMHK+SwVctd9p
0:<ZZeB0ISp2hz4BYb2DGXOt+76bnAutnXQ9L5XAxMk3v75V1DaodqfRUZbTbiny0bB
0:<HD9HLFcKB+HRVXvfAOMBMl9yiz4NokUyUgbF6XJeh9H7JMuz4ZojJkz0ezzVhW/4
0:<t9B6lMcp9rOvNV6ZycgD8U/ToIgtRuCdvSmPCkhA+rCxUCRibra7BZW0rREZFSgo
0:<VA5KodiOcwsisSBd
0:<-----END CERTIFICATE-----
0:<subject=CN = SimpleTestReq
0:<issuer=C = CH
0:<---
0:<No client certificate CA names sent
0:<Peer signing digest: SHA256
0:<Peer signature type: RSA-PSS
0:<Server Temp Key: DH, 2048 bits
0:<---
0:<SSL handshake has read 1749 bytes and written 506 bytes
0:<Verification error: unable to verify the first certificate
0:<---
0:<New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
0:<Server public key is 2048 bit
0:<Secure Renegotiation IS supported
0:<No ALPN negotiated
0:<SSL-Session:
0:< Protocol : TLSv1.2
0:< Cipher : DHE-RSA-AES256-GCM-SHA384
0:< Session-ID:
0:< Session-ID-ctx:
0:< Master-Key:
98175FDC64B521BE80F5893CB0A46A066941454165A03F6BA3862E797E80BC4EFA1BBBD70304FCDD63C717D778C9B66F
0:< PSK identity: None
0:< PSK identity hint: None
0:< SRP username: None
0:< Start Time: 1712317986
0:< Timeout : 7200 (sec)
0:< Verify return code: 21 (unable to verify the first certificate)
0:< Extended master secret: yes
0:<---
OK
...
But when starting httpd/2.4.59, the connection fails:
openssl s_client -tls1_2 -connect localhost:44300
...
0:<---
0:<no peer certificate available
0:<---
0:<No client certificate CA names sent
0:<---
0:<SSL handshake has read 7 bytes and written 188 bytes
0:<Verification: OK
0:<---
0:<New, (NONE), Cipher is (NONE)
0:<Secure Renegotiation IS NOT supported
0:<No ALPN negotiated
0:<SSL-Session:
0:< Protocol : TLSv1.2
0:< Cipher : 0000
0:< Session-ID:
0:< Session-ID-ctx:
0:< Master-Key:
0:< PSK identity: None
0:< PSK identity hint: None
0:< SRP username: None
0:< Start Time: 1712320231
0:< Timeout : 7200 (sec)
0:< Verify return code: 0 (ok)
0:< Extended master secret: no
0:<---
...
The issue can be easily reproduced with the attached key and certificate.
Many thanks for fixing this issue.
PS: a small side note. When starting the server via openssl_s_server:
openssl s_server -port 44300 -cert
/home/paolo/test/server/keystore/test_2048.pem -key
/home/paolo/test/server/keystore/test_2048Key.pem -cipher
'DH:!EXPORT56:RC4-MD5:DES-CBC3-SHA:EXP-RC4-MD5'
Then the output of the openssl s_client command is the same like when using
httpd/2.4.58.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org