Apache on WS2K3 - TLS loads in Chrome and FF, but handshake fails in IE
I have set up Apache 2.2.17 on Windows Server 2003 and added a basic HTML page with mod_ssl.so configurations. I am building this to eventually be a reverse proxy to force TLS only. So the only cipher I have enabled is TLS. I get my page to load in Chrome and Firefox, but in IE 6, 7 and 8, I get a 404 with no entry in the access.log on the Apache server.
Using Wireshark I can see that the handshake is started by the client and server, but the server just stops responding, followed by the client sending repeated Reset requests. I am wondering if this is related to the SNI issues with earlier Apache builds. I am using OpenSSL 9.8o, so this should be included.
My goal is to use this server to enable FIPS compliance for legacy servers. If there is a FAQ which can redirect my solution, I will accept that also :)
I have uploaded an export of the Wireshark log; unfortunately it won't let me upload a .pcap, so it is in txt. I stopped recording before the usual 15 reset requests were seen, but you can see one at the end of the log. I am 60.107, server is 140.179. TLS-log.txt
We took the wrong path
PS: if you need FIPS in Apache, you need to compile a specific version of OpenSSL and then link Apache against that particular version.
Turns out I had made an error when creating my SSLCACertificateFile.