I have an apache 2.4.10 to upgrade to 2.4.12, underlying openssl 0.9.8, with the following SSL configuration:
SSLCipherSuite DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!EXPORT
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
With the upgrade, I want to change the cipher suites to
SSLCipherSuite DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES256-CBC-SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:!EXPORT
Versions of OpenSSL and Java are:
OpenSSL 0.9.8j-fips 07 Jan 2009
java version "1.7.0_03"
Java(TM) SE Runtime Environment (build 1.7.0_03-b04)
Java HotSpot(TM) 64-Bit Server VM (build 22.1-b02, mixed mode)
Obviously, everything should stay the same with all the clients. However, there is a Java 7 SE client which refuses to connect with the new Apache 2.4.12 and the new config, but works with the old one (internal error from client after Server hello done).
Does anyone have some ideas?
0.9.8
you have exactly.