#1 2013-12-30 10:41:44

Kuci
Member
Registered: 2013-03-29
Posts: 38

[SOLVED] Apache 2.4 and TLS

Hey guys. I'm happy with my Apache 2.4.7 server, however I'm trying to configure TLS and it doesn't seem to work at all. Only SSLv3 works for me and when I wanna use TLSv1.x, Chromium reports ERR_SSL_VERSION_OR_CIPHER_MISMATCH. I wanna use ECDSA private key and this is the main reason why I upgraded. When I use RSA private key, everything works.

This is my vhost:

<VirtualHost *:443>
    ServerName domain.my

    SSLEngine on
    SSLCertificateFile "/etc/httpd/conf/ssl.crt/server-cert.pem"
    SSLCertificateKeyFile "/etc/httpd/conf/ssl.crt/server-key.pem"
    SSLProtocol TLSv1.2
    SSLCompression off
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 ..."

    VirtualDocumentRoot /home/http/web

    <Directory /home/http/web>
        Options Indexes FollowSymLinks
        AllowOverride All
        Order Allow,Deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

As you can see, I wanna force TLSv1.2. I have OpenSSL 1.0.1e from official repositories.

Any idea? I've totally no idea what the problem could be. I use Chromium and TLS works for me - for example Google Plus uses TLSv1.2 and ECDHE_ECDSA.

SOLUTION: I used sect571r1 for my first private key. Apparently, this curve is not suitable for SSL/TLS. Now I use prime256v1 and everything's all right.

Last edited by Kuci (2013-12-30 14:51:36)

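
As an added example (not part of the original post): a shell check, using the openssl CLI, that reports the named curve of a key or certificate, so a key on a curve like the sect571r1 one mentioned in the SOLUTION note is flagged before Apache is pointed at it. The curve allowlist and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: report the named curve of an
# EC key or certificate before referencing it in SSLCertificateKeyFile.

# Assumption: curves treated here as broadly accepted by browsers.
BROWSER_CURVES="prime256v1 secp384r1"

# Print the named curve of a PEM key or certificate (empty if RSA/unreadable).
pem_curve() {
    if grep -q 'BEGIN CERTIFICATE' "$1" 2>/dev/null; then
        openssl x509 -in "$1" -noout -text 2>/dev/null
    else
        openssl pkey -in "$1" -noout -text 2>/dev/null
    fi | sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# Succeed only if the curve name is in the allowlist.
curve_ok() {
    case " $BROWSER_CURVES " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 = allowed curve, 1 = other curve, 2 = no EC curve found.
check_pem() {
    curve=$(pem_curve "$1")
    if [ -z "$curve" ]; then
        echo "$1: no named EC curve found (RSA key or unreadable file)"; return 2
    elif curve_ok "$curve"; then
        echo "$1: $curve is in the allowlist"; return 0
    fi
    echo "$1: $curve is not in the allowlist; clients may reject the handshake"; return 1
}

# With file arguments, check each one; with none, demo on two constructed keys.
if [ $# -gt 0 ]; then
    for f in "$@"; do check_pem "$f" || true; done
elif command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    for c in sect571r1 prime256v1; do
        if openssl ecparam -name "$c" -genkey -noout -out "$tmp/$c.pem" 2>/dev/null; then
            check_pem "$tmp/$c.pem" || true
        fi
    done
    rm -rf "$tmp"
fi
```

Run it with the paths from the vhost as arguments to check the deployed key and certificate; the sect571r1 demo key is skipped on OpenSSL builds that do not ship that curve.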