1

I'm trying to switch my webserver (Apache 2.4.34 from Debian testing) from mod_ssl to mod_gnutls for TLS1.3 support. I tried the mod_gnutls 0.8.4, libgnutls 3.5.19 (up to TLS 1.2 only of course) from Debian testing and the latest from experimental (with or without TLS 1.3 enabled)

My configuration

GnuTLSEnable            On
GnuTLSPriorities        PFS:-3DES-CBC:%SERVER_PRECEDENCE
(GnuTLSDHFile            /etc/ssl/dh4096.pem)
GnuTLSCertificateFile   /etc/ssl/fullchain.pem
GnuTLSKeyFile           /etc/ssl/privkey.pem
(GnuTLSExportCertificates on)

The settings in () I tried with and without them.

I even tried the GnuTLSPriorities from the Mozilla wiki and various others but when I enable GnuTLS the TLS handshake failed with all recent browsers. SSLabs scan also confirms this. There should be plenty of supported ciphers active. It seems I'm missing some important setting here. Any ideas?

Firefox just says: SSL_ERROR_RX_UNKNOWN_ALERT

SSLabs Result

Patrick Mevzek
  • 10,995
  • 16
  • 38
  • 54
SQ_SEN
  • 51
  • 5
  • "the TLS handshake failed with all recent browsers. SSLabs scan also confirms this." from your image, SSLabs seems to connect just fine over TLS 1.0 1.1 and 1.2, just not for 1.3. Did you try `openssl s_client` to debug locally (a sufficiently recent one to have TLS1.3)? Also it may just that browsers do not speak the same "version" (while TLS1.3 was drafted - it is only a sanctioned standard since a few day - each draft version used a different TLS "version" during handshake) – Patrick Mevzek Aug 16 '18 at 17:03
  • You could also sniff the beginning of the TLS handshake with wireshark or equivalent. – Patrick Mevzek Aug 16 '18 at 17:04
  • From source code this error in Firefox is when: *SSL received an alert record with an unknown alert description.* The alert is sent by the server, so this has to be diagnosed. – Patrick Mevzek Aug 16 '18 at 17:07
  • There is no new version of GnuTLS since the draft became a standard and on https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html I read "In the master branch of GnuTLS, TLS 1.3 is not enabled by default. An application can enable it with a priority string like the following: "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2". That step will not be necessary once the draft is finalized." Maybe that helps. – Patrick Mevzek Aug 16 '18 at 17:08
  • Thanks so far for all the replies. The screenshot from SSLabs was taken with version 3.5.19 running (without TLS 1.3). TLS 1.3 was the reason to try GnuTLS and of course there could be some issues with the draft versions but I'm wondering why GnuTLS fails even with TLS 1.2 and current browsers. – SQ_SEN Aug 20 '18 at 07:49

0 Answers0