
With the following config (note the SSLVerifyClient require inside the <Location "/"> block):

    <VirtualHost x.x.x.x:443>
        SSLEngine on
        SSLVerifyDepth 5
        SSLProtocol +TLSv1.2 +TLSv1.3
        SSLCipherSuite HIGH:!DH:!DES:!SSLv2:!PSK:!SRP:!RC2:!RC4:!MD5:!LOW:!EXPORT:!eNULL:!aNULL
        SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256
        SSLCertificateFile /usr/local/etc/ssl/certs/xxxxx.0
        SSLCACertificatePath /usr/local/etc/ssl/ca
        SSLCACertificateFile /usr/local/etc/ssl/xxxxx.pem
        ErrorLog /var/log/httpd-ssl.log
        LogLevel debug
        <Location "/">
            SSLVerifyClient require
        </Location>
        ...
    </VirtualHost>

The web page load fails with 403 Forbidden and a message on the screen "Reason: Cannot perform Post-Handshake Authentication", and in the ssl debug log:

    AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_128_GCM_SHA256 (128/128 bits)
    AH02034: Initial (No.1) HTTPS request received for child 10 (server xxxx.com:443)
    AH10129: verify client post handshake
    AH10158: cannot perform post-handshake authentication
    SSL Library Error: error:0A000117:SSL routines::extension not received

However if I remove the <Location "/"> and just put the SSLVerifyClient require directly in the <VirtualHost> block -- everything seems to work fine. This (I think) proves that the certs/ciphers are all ok.

I don't understand why it works this way and not the other, but I'm fine with it so long as doing this (omitting the <Location "/"> block) doesn't break something. I only have one host defined anyway so I'm wondering if the two scenarios are identical or if having <Location "/"> in a single-host setup makes some difference.

1 Answer

VerifyClient at server or vhost scope requests client-auth during the (initial) handshake, but at a smaller scope it does so after the HTTP request (because that's when it learns the requested URL), which for TLS1.3 requires the client to give permission by an extension, and the client in your case didn't, hence "extension not received".

PS: when your protocol selection doesn't include SSLv2 there is no need to exclude its ciphers because they are disjoint from those for all higher protocols -- and on any version of OpenSSL that supports TLS1.3 (which is 1.1.1 up) it is impossible to select SSLv2 even if you try, the code is completely gone since 1.1.0. Once you have specified HIGH and no other additions, you don't need to exclude any of !eNULL !LOW !EXPORT !DES !RC2 !RC4 !MD5. You don't need to exclude !SRP because you're not supplying the additional data it would need, nor !PSK because Apache can't use it in the first place. Thus all you need is SSLCipherSuite HIGH:!DH:!aNULL. And in practice no client asks for aNULL so you don't really need to exclude that.

  • Thanks for the answer - do you know if by "extension" that means an extension in the client certificate - e.g. can I craft a certificate that will make the post-handshake method work? Commented Jul 17 at 10:20
  • That's an extension in the TLS protocol; 4.2.6 is a subsection of 4.2 which is all about protocol extensions, which are implemented by the code of the TLS implementation, in this case on the client, but sometimes affected by configuration options, so you might look for that. Commented Jul 18 at 7:01
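The answer's point is that TLS 1.3 post-handshake client authentication (RFC 8446 section 4.2.6) can only happen if the ClientHello carried the zero-length post_handshake_auth extension (type 49). When a Location-scoped SSLVerifyClient fails with "extension not received", the quickest way to confirm it is the client's doing is to look at the ClientHello it sent. The following is an added example, not code from the question, the answer or Apache httpd: a small standard-library Python parser that walks a ClientHello record and reports which extension types are present, plus two constructed sample hellos (one that consents to PHA, one that does not). The extension numbers are the real RFC 8446 values; the hello contents are constructed filler, not captured traffic.

```python
import struct

# Extension type numbers from RFC 8446 section 4.2 (real values).
EXT_SERVER_NAME = 0
EXT_SUPPORTED_VERSIONS = 43
EXT_POST_HANDSHAKE_AUTH = 49

TLS13 = 0x0304


def build_client_hello(extensions):
    """Assemble a minimal TLS ClientHello record from a list of (type, data) extensions.

    Random, session id and cipher list are constructed filler; only the
    extension block matters for the check below.
    """
    body = b"\x03\x03"                            # legacy_version TLS 1.2
    body += bytes(range(32))                      # constructed 32-byte "random"
    body += b"\x00"                               # empty legacy_session_id
    body += struct.pack("!H", 2) + b"\x13\x01"    # one suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                           # compression methods: null only
    ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # ContentType handshake(22)


def parse_client_hello(record):
    """Return the list of extension types advertised in a ClientHello record.

    Raises ValueError for anything that is not a well-formed handshake record
    carrying a client_hello, so a truncated capture is reported, not misread.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a client_hello handshake message")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated client_hello")
    pos = 2 + 32                                   # skip legacy_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                             # legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                              # cipher_suites
    comp_len = body[pos]
    pos += 1 + comp_len                            # legacy_compression_methods
    if pos >= len(body):
        return []                                  # old-style hello with no extension block
    ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    if end > len(body):
        raise ValueError("extension block overruns message")
    types = []
    while pos < end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4 + ext_len
        if pos > end:
            raise ValueError("extension overruns block")
        types.append(ext_type)
    return types


def supports_post_handshake_auth(record):
    """True if the ClientHello carries post_handshake_auth (type 49)."""
    return EXT_POST_HANDSHAKE_AUTH in parse_client_hello(record)


# Constructed sample hellos: both offer TLS 1.3, only the first consents to PHA.
SUPPORTED_VERSIONS_TLS13 = struct.pack("!B", 2) + struct.pack("!H", TLS13)
HELLO_WITH_PHA = build_client_hello([
    (EXT_SUPPORTED_VERSIONS, SUPPORTED_VERSIONS_TLS13),
    (EXT_POST_HANDSHAKE_AUTH, b""),               # zero-length, per RFC 8446 4.2.6
])
HELLO_WITHOUT_PHA = build_client_hello([
    (EXT_SUPPORTED_VERSIONS, SUPPORTED_VERSIONS_TLS13),
])

if __name__ == "__main__":
    for name, hello in (("with PHA", HELLO_WITH_PHA), ("without PHA", HELLO_WITHOUT_PHA)):
        print(f"{name}: post_handshake_auth advertised = {supports_post_handshake_auth(hello)}")
```

To apply this to the real client, feed it the first record of a captured TLS connection (the raw bytes of the ClientHello); a hello without type 49 will always trip AH10158 when SSLVerifyClient lives inside a Location block. As a known-good reference client, `openssl s_client -enable_pha` (OpenSSL 1.1.1 and later) does send the extension, so if the Location-scoped config works with it but not with the browser, the difference is the client, which is exactly what the answer describes; moving SSLVerifyClient to the VirtualHost scope sidesteps PHA entirely by requesting the certificate in the initial handshake.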
