Problems with the use of OpenSSL by Apache

Source: Internet
Author: User

An Android app uses HTTPS to access two servers, with different results.

First server, IP: 192.168.22.119
Version: OpenSSL 0.9.8e-fips-rhel5 2008
(Android STB) ==> OK

[21/oct/2014:13:52:57 +0800] 192.168.3.33 TLSv1 rc4-md5 "get/cgi-bin/server_cgi?name=0022f42

Second server, IP: 192.168.22.129
Version: OpenSSL 1.0.1e-fips 2013
(Android STB) ==> Fail

[21/oct/2014:03:09:47 +0000] 192.168.3.33 TLSv1 rc4-md5 "get/cgi-bin/server_cgi?name=0022f42

Error Log:

[ERROR] Hostname ABC.upgrade.com provided via SNI and Hostname abc.upgrade.com provided via HTTP is different

But browsers work normally against the same server:

(Chrome) ==> OK

[21/oct/2014:04:06:08 +0000] 192.168.2.7 TLSv1.2 dhe-rsa-aes128-gcm-sha256 "get/cgi-bin/server_cgi?name=aaa

(IE) ==> OK

[21/oct/2014:05:56:34 +0000] 192.168.2.2 TLSv1 Aes128-sha "get/cgi-bin/server_cgi?name=0018050

First, what is SNI (Server Name Indication)?
Reference: SSL with Virtual Hosts Using SNI
The client includes the requested hostname in the first message of the SSL handshake. The server uses this hostname to select the correct name-based virtual host, so that the connection can continue to be established.

To support SNI:
1. Requires OpenSSL 0.9.8f or later
2. The client browser must also support SNI

On Apache Bugzilla there is this bug: "SSL module does not does the case insensitive URI comparison"
The cause is that the comparison between the SNI name and the HTTP name is case-sensitive.
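The comparison the bug report describes, as an added example (this is not Apache's mod_ssl code): a case-sensitive check rejects the pair from the error log above, while a case-insensitive check that also ignores a port suffix and a trailing dot accepts it. The function names are hypothetical, and the Host value is assumed not to be an IPv6 literal.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Case-sensitive comparison: the behaviour the bug report describes. */
static int names_match_strict(const char *sni, const char *host)
{
    return strcmp(sni, host) == 0;
}

/* Length of the hostname part: drop ":port" and one trailing dot.
 * Assumption: no IPv6 literals such as "[::1]:443". */
static size_t host_len(const char *h)
{
    size_t n = strcspn(h, ":");
    if (n > 0 && h[n - 1] == '.')
        n--;
    return n;
}

/* Case-insensitive comparison; DNS names are not case-sensitive. */
static int names_match(const char *sni, const char *host)
{
    size_t a = host_len(sni), b = host_len(host);
    if (a != b)
        return 0;
    for (size_t i = 0; i < a; i++)
        if (tolower((unsigned char)sni[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed pairs; the first is the pair from the error log. */
    const char *pairs[][2] = {
        {"ABC.upgrade.com", "abc.upgrade.com"},
        {"abc.upgrade.com", "abc.upgrade.com:443"},
        {"abc.upgrade.com", "xyz.upgrade.com"},
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++)
        printf("SNI=%-16s Host=%-20s strict=%d insensitive=%d\n",
               pairs[i][0], pairs[i][1],
               names_match_strict(pairs[i][0], pairs[i][1]),
               names_match(pairs[i][0], pairs[i][1]));
    return 0;
}
```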

MORE: Different browsers use different TLS versions (v1, v1.2 and so on), and the encryption algorithms they support are not the same.
