Apache 2.4.20 and SSL

Moderator: cah

Post Reply
cah
General of the Army / Fleet Admiral / General of the Air Force
General of the Army / Fleet Admiral / General of the Air Force
Posts: 1342
Joined: Sun Aug 17, 2008 5:05 am

Apache 2.4.20 and SSL

Post by cah »

Finally got Apache 2.4.20 to compile with all the other rerequisites (apr, apr-iconv, apr-util, pcre, php).
I also managed to get the https to work.

In /usr/local/apache2/conf/extra/httpd-ssl.conf, I can add vhost section like below:

Code: Select all

<VirtualHost *:443>
    ServerAdmin shop@hsiao.net
    DocumentRoot /export/home/www/html/cah/shop
    ServerName shop.hsiao.net
    ErrorLog /export/home/cah/logs/error_log_sho_sslp
    CustomLog /export/home/cah/logs/access_log_shop_ssl combined
    HostnameLookups on

SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/shop.hsiao.net-20160427192908.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/shop.hsiao.net-20160427192908.key
SSLProtocol +TLSv1.2  +TLSv1.1  +TLSv1
SSLProxyProtocol +TLSv1.2  +TLSv1.1  +TLSv1
</VirtualHost>
I had to force SSLProtocol to use TLSV1.2, TLSv1.1 and TLSv1 and then chrome and IE would work.
However, the problematic Firefox keeps giving error/warning:

Code: Select all

Secure Connection Failed

An error occurred during a connection to shop.hsiao.net. The server rejected the handshake because the client downgraded to a lower TLS version than the server supports. Error code: SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT

* The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
* Please contact the website owners to inform them of this problem.
If other browsers have no problem with self-signed certificates, why would Firefox care?
CAH, The Great
Top
Post Reply

Return to “Technology / 科技交流”