I’ve been debugging a weird problem at work – after upgrading a complex system from lenny to wheezy, some https clients failed to connect: GNU wget and Debian’s version of lynx(1) which is linked against libgnutls26 fail. NSS applications continue to work, as does cURL; wget and lynx on MirBSD (linked with OpenSSL of course) work. Even Debian’s gnutls-cli tools from both gnutls26 and gnutls28 work. Huh. The error_log shows renegotiation problems, yet setting the new Apache 2 configuration option to “use insecure renegotiation” doesn’t help either. (The option is a total #FAIL: its only other value is “use secure TLSv1.x renegotiation”, but I don’t want/need SSL renegortiation at all, anyway.) Natureshadow told me this was a hot issue on Debianforum at the moment, yet, nobody had a clue or enough information to file a formal bugreport against (initially) apache2, as that’s what changed. I tracked it down on a new VM with no configuration otherwise, and here are my findings so others don’t run into it.
Tracking down the problem, this can be reduced to the following configuration (minimised, to show the problem) in /etc/apache2/sites-enabled/1one:
<VirtualHost *:443> ServerName wiki-70.lan.tarent.de RedirectMatch permanent . https://evolvis-70.lan.tarent.de/ SSLEngine on SSLCertificateFile /etc/ssl/W_lan_tarent_de.cer SSLCertificateKeyFile /etc/ssl/private/W_lan_tarent_de.key SSLCertificateChainFile /etc/ssl/godaddy.ca </VirtualHost>
Do not mind the actual content, this is a very stripped-down demo on a not-actually-set-up-yet box.
Same is valid for the companion configuration file /etc/apache2/sites-enabled/2two:
NameVirtualHost *:443 <VirtualHost *:443> ServerName evolvis-70.lan.tarent.de SSLEngine on # workaround for BEAST (CVE-2011-3389), short-term SSLCipherSuite RC4-SHA SSLCertificateFile /etc/ssl/W_lan_tarent_de.cer SSLCertificateKeyFile /etc/ssl/private/W_lan_tarent_de.key SSLCertificateChainFile /etc/ssl/godaddy.ca SSLProtocol TLSv1 </VirtualHost>
Turns out the BEAST workaround was at fault here: the differing SSLCipherSuites between the vhosts (on the same Legacy IP / TCP Port tuple, as we use Wildcard SSL Certificates) made Apache 2 want to renegotiate, so either commenting it on 2two or, better, adding it to 1one helped. Interestingly enough, the SSLProtocol directive did not matter (in my tests).
So, keep SSL settings synchronised between vhosts. In fact, those were already from include files, but 2two was from the “Evolvis 5” generation, whereas we added to 1one an Include of the httpd.ssl1.inc file generated by the previous releases of EvolvisForge and had not switched those legacy vhosts to the new configuration, as everything worked on lenny.
Update 17.05.2013 – Absolutely do not use RC4-SHA for SSL/TLS (https)! It can leak over 200 initial plaintext bytes easily. (arc4random(3) is not affected from this, especially on MirBSD, nor arc4random(9).)