Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
744 views
in Technique by (71.8m points)

oracle - Configure OHS Weblogic 12c / Apache to support TLSv2 only

Thanks for your help. I would like to know if someone has faced this issue: I have not succeeded in configuring SSL for OHS; it seems that TLSv1.2 only doesn't work.

My OHS is embedded with WebLogic 12c.

See my configuration below:

###################################################################
# Oracle HTTP Server mod_ossl configuration file: ssl.conf        #
###################################################################

# The Listen directive below has a comment preceding it that is used
# by tooling which updates the configuration.  Do not delete the comment.
#[Listen] OHS_SSL_PORT
Listen 8443

<IfModule ossl_module>
##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use, second the expiring timeout (in seconds) and third
#   the mutex to be used.
    SSLSessionCache "shmcb:${ORACLE_INSTANCE}/servers/${COMPONENT_NAME}/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout  300
    <IfModule !mpm_winnt_module>
      Mutex pthread ssl-cache
    </IfModule>

##
## SSL Virtual Host Context
##
#[VirtualHost] OHS_SSL_VH
<VirtualHost *:8443> 
  <IfModule ossl_module>
   #  SSL Engine Switch:
   #  Enable/Disable SSL for this virtual host.
   SSLEngine on

   #  Client Authentication (Type):
   #  Client certificate verification type and depth.  Types are
   #  none, optional and require.
   SSLVerifyClient None

   #  SSL Protocol Support:
   #  Configure usable SSL/TLS protocol versions.
   SSLProtocol +TLSv1.2 nzos_Version_3_0_With_2_0_Hello nzos_Version_3_0

   #  SSL Cipher Suite:
   #  List the ciphers that the client is permitted to negotiate.
   # SSL Certificate Revocation List Check
   # Valid values are On and Off

SSLCipherSuite ALL

SSLCRLCheck Off

   #Path to the wallet
SSLWallet "/data/as/Certificates/OHS"
        
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
   </FilesMatch>

   <Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">
      SSLOptions +StdEnvVars
   </Directory>

   BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

  </IfModule>
</VirtualHost>

</IfModule>

See below the errors when I tried to connect with the URL:

[2021-02-04T19:12:18.2523+01:00] [OHS] [ERROR:32] [OH99999] [ossl] [client_id: 172.21.0.68] [host_id: lpacs122] [host_addr: 172.21.20.79] [pid: 29658] [user: as] [VirtualHost: localhost:8443] OHS:2079 Client SSL handshake error, nzos_Handshake returned 29039(server localhost:8443)
[2021-02-04T19:12:18.2523+01:00] [OHS] [ERROR:32] [OH99999] [ossl] [host_id: lpacs122] [host_addr: 172.21.20.79] [pid: 29658] [user: as] [VirtualHost: localhost:8443] OHS:2171 NZ Library Error: SSL negotiation error [Hint: too restrictive SSLCipherSuite]

Has someone faced this issue?

Many thanks for your help.

question from:https://stackoverflow.com/questions/66059928/configure-ohs-weblogic-12c-apache-to-support-tlsv2-only
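
One way to check an ssl.conf against the "TLSv1.2 only" goal in the question, as an added example (not part of the original post and not Oracle tooling): it lists, per VirtualHost, every enabled SSLProtocol token other than TLSv1.2. It assumes Apache-style +/- prefixes and does not interpret the nzos_* names; the function names, the second vhost on port 9443 and the sample text are constructed.

```python
import re

ALLOWED = {"tlsv1.2"}  # assumption: any other enabled token needs review

def vhost_protocols(conf_text):
    """Map each <VirtualHost> address to the SSLProtocol tokens set inside it."""
    found, vhost = {}, None
    text = re.sub(r"\\\r?\n", " ", conf_text)  # join backslash continuations
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost = opened.group(1).strip()
            found.setdefault(vhost, [])
        elif line.lower().startswith("</virtualhost"):
            vhost = None
        elif vhost is not None and line.split()[0].lower() == "sslprotocol":
            found[vhost].extend(line.split()[1:])
    return found

def audit(conf_text):
    """Return (vhost, finding) pairs for vhosts not limited to TLSv1.2."""
    findings = []
    for vhost, tokens in vhost_protocols(conf_text).items():
        # Tokens prefixed with "-" disable a protocol, so they are not counted.
        enabled = [t.lstrip("+") for t in tokens if not t.startswith("-")]
        extra = [t for t in enabled if t.lower() not in ALLOWED]
        if not tokens:
            findings.append((vhost, "no SSLProtocol directive in this vhost"))
        elif extra:
            findings.append((vhost, "tokens other than TLSv1.2: " + " ".join(extra)))
        elif not enabled:
            findings.append((vhost, "TLSv1.2 is not enabled"))
    return findings

# Constructed sample: the question's SSLProtocol line plus a hypothetical vhost.
SAMPLE = """
<VirtualHost *:8443>
  <IfModule ossl_module>
   SSLProtocol +TLSv1.2 nzos_Version_3_0_With_2_0_Hello nzos_Version_3_0
  </IfModule>
</VirtualHost>
<VirtualHost *:9443>
   SSLProtocol +TLSv1.2
</VirtualHost>
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```
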


1 Reply

0 votes
by (71.8m points)
Waiting for answers
