Apache 2.4.37 with openssl 1.1.1: cannot perform post-handshake authentication


Solution 1

The problem is that Firefox doesn't support TLS 1.3 post-handshake authentication. I've reported this issue to Firefox at https://bugzilla.mozilla.org/show_bug.cgi?id=1511989

I'm not suggesting a workaround or fix here; I'm merely telling others who come across this page (as it is high up for this error message in the search results) what the situation is and where to find the latest information as Firefox works to resolve this issue.

Solution 2

In case this helps others: for my reverse-proxy test configuration with Apache HTTP 2.4.41 on Windows, I wanted to protect only the balancer-manager URI with client certificate authentication. I had generated the certificates using OpenSSL (CA certs, a server cert signed by the CA and a client cert signed by the CA) and imported the P12 in my browser.

For my other back-end URLs that were being proxied (Spring Boot with AJP enabled, running the same application on 2 different sets of ports to test balancing via Apache HTTP), the configuration was to not perform any client certificate authentication.

  1. Accessing https://myhostname.com was working and hitting my back end via balancer, returning the expected response.
  2. Accessing https://myhostname.com/balancer-manager was expected to prompt me to select the client certificate that I imported earlier, but gave this error on Chrome 80.0 (and did not work in other browsers either).

Forbidden You don't have permission to access this resource.Reason: Cannot perform Post-Handshake Authentication.

In Apache error log, it showed:

SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received

In Apache access log, it showed:

GET /balancer-manager HTTP/1.1" 403 199

The non-working virtual host configuration in httpd.conf looked like:

<VirtualHost *:443>

    ServerName myhostname.com
    ServerAlias myhostname.com

    SSLEngine on
    SSLCipherSuite ALL:!EXP:!eNULL:!aNULL:!MD5:-LOW:-RC4:-SSLv2:+HIGH:+MEDIUM

    #no certificate authentication required except balancer manager
    SSLVerifyClient none
    SSLVerifyDepth 5
    SSLProtocol all -SSLv3
    SSLCertificateFile "path/to/server/certificate"
    SSLCertificateKeyFile "path/to/server/key"
    SSLCACertificateFile "path/to/CA/certificate"

    <Location "/balancer-manager">
            SSLVerifyClient require
            SetHandler balancer-manager
            Require host myhostname.com
    </Location>


    <Proxy balancer://cluster>
        BalancerMember  ajp://localhost:9090/ loadfactor=25 timeout=1
        BalancerMember  ajp://localhost:9091/ loadfactor=75 timeout=1
        ProxySet lbmethod=byrequests
    </Proxy>

    ProxyPreserveHost off

    ProxyRequests Off
    ProxyPass         /  balancer://cluster/  stickysession=JSESSIONID
    ProxyPassReverse  /  balancer://cluster/  stickysession=JSESSIONID

</VirtualHost>

To fix the issue, change the SSLProtocol directive to use:

SSLProtocol -all +TLSv1.2

See also these links:

  1. Enable TLS in Apache

  2. TLS-1-2

I used TLS 1.2 for the tests (TLS 1.1 also worked, but it is recommended to use TLS 1.2 or a higher version).

Note: Apache version 2.4.38 or higher supports TLS v1.3. You must upgrade the Apache packages before enabling TLS 1.3 in the SSL settings.
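The error in this answer comes from a specific combination: TLS 1.3 is negotiable on the vhost, and the client certificate is only requested inside a container (Location, Directory, Files), so mod_ssl has to ask for it after the handshake, which TLS 1.3 only allows when the client sent the post_handshake_auth extension. The following added example (my own script, not code from the answer or from Apache) audits a vhost text for exactly that combination. It evaluates SSLProtocol arguments with the documented semantics of the directive (a bare keyword replaces the set, + adds, - removes) and assumes that "all" includes TLSv1.3 for an Apache built against OpenSSL 1.1.1, which is the situation described on this page. The sample config is constructed to mirror the non-working vhost above; the names NON_WORKING_VHOST, FIXED_VHOST, effective_protocols and audit_vhost are mine.

```python
import re

# Protocol keywords understood by mod_ssl's SSLProtocol directive.
PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
_BY_LOWER = {p.lower(): p for p in PROTOCOLS}

# Containers in which a per-directory SSLVerifyClient forces mod_ssl to
# request the client certificate after the initial handshake (renegotiation
# on TLS 1.2, post-handshake authentication on TLS 1.3).
_CONTAINERS = r"(Location|LocationMatch|Directory|DirectoryMatch|Files|FilesMatch)"


def effective_protocols(args):
    """Evaluate an SSLProtocol argument list the way the directive is documented.

    A bare keyword replaces the set, '+' adds to it and '-' removes from it,
    so 'all -SSLv3' keeps TLSv1.3 while '-all +TLSv1.2' leaves only TLSv1.2.
    Assumption: 'all' includes TLSv1.3 (Apache built against OpenSSL 1.1.1).
    """
    enabled = set()
    for token in args.split():
        action, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        if name.lower() == "all":
            members = set(PROTOCOLS)
        elif name.lower() in _BY_LOWER:
            members = {_BY_LOWER[name.lower()]}
        else:
            raise ValueError(f"unknown SSLProtocol keyword: {name}")
        if action == "+":
            enabled |= members
        elif action == "-":
            enabled -= members
        else:
            enabled = members
    return enabled


def audit_vhost(config_text):
    """Report whether a vhost config can require TLS 1.3 post-handshake auth.

    Returns the vhost-level protocol set (None when the vhost inherits
    SSLProtocol from the global config, e.g. mods-enabled/ssl.conf), the
    containers that set SSLVerifyClient, and the resulting risk flag.
    """
    protocols = None
    scoped_verify = []
    container = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(rf"<{_CONTAINERS}\b\s*([^>]*)>", line, re.I)
        if m:
            container = f"{m.group(1)} {m.group(2).strip()}".strip()
            continue
        if re.match(rf"</{_CONTAINERS}\s*>", line, re.I):
            container = None
            continue
        m = re.match(r"SSLProtocol\s+(.+)", line, re.I)
        if m and container is None:
            protocols = effective_protocols(m.group(1))
            continue
        m = re.match(r"SSLVerifyClient\s+(\S+)", line, re.I)
        if m and container is not None and m.group(1).lower() in ("require", "optional"):
            scoped_verify.append((container, m.group(1).lower()))
    tls13 = protocols is not None and "TLSv1.3" in protocols
    return {
        "protocols": protocols,
        "scoped_verify": scoped_verify,
        # A vhost-level SSLVerifyClient is handled in the initial handshake;
        # only a per-container one needs a second certificate request.
        "post_handshake_auth_needed": tls13 and bool(scoped_verify),
        "inherits_global_sslprotocol": protocols is None,
    }


# Constructed sample mirroring the answer's non-working vhost (not the page's file verbatim).
NON_WORKING_VHOST = """
<VirtualHost *:443>
    ServerName myhostname.com
    SSLEngine on
    #no certificate authentication required except balancer manager
    SSLVerifyClient none
    SSLProtocol all -SSLv3
    <Location "/balancer-manager">
        SSLVerifyClient require
        SetHandler balancer-manager
    </Location>
</VirtualHost>
"""
FIXED_VHOST = NON_WORKING_VHOST.replace("SSLProtocol all -SSLv3", "SSLProtocol -all +TLSv1.2")

if __name__ == "__main__":
    for label, text in (("non-working", NON_WORKING_VHOST), ("fixed", FIXED_VHOST)):
        print(label, audit_vhost(text))
```

A report with "post_handshake_auth_needed": True means browsers that do not send the extension (Firefox without security.tls.enable_post_handshake_auth, or any HTTP/2 client) will hit AH10158 on the protected location; a report with "inherits_global_sslprotocol": True is the situation from the question, where the directive that matters lives in ssl.conf rather than in the vhost file.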


Author: antoniofr

Updated on June 04, 2022

Comments

  • antoniofr
    antoniofr almost 2 years

    I updated Apache to the latest version 2.4.37 and OpenSSL to 1.1.1, and now, when the client authenticates, I get this error only with Firefox 63, but not in Chrome:

    [ssl:error] AH: verify client post handshake, referer: https://******/login
    [ssl:error] AH10158: cannot perform post-handshake authentication, referer: https://******/login
    [ssl:error]SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
    

    I used Wireshark to try to find the problem, and I appreciate Firefox uses TLS 1.3, while Chrome uses TLS 1.2. In fact, if I set the TLS max version in FF to TLS 1.2, it works fine.

    I would like to get TLS 1.3 compatibility or, if it is not yet possible, to force the client, in my Apache configuration, to always use TLS 1.2, but I haven't managed it :(

    This is my Apache vhost config file:

    [...]
    
    SSLEngine on
    SSLCertificateFile      /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/server.key
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
    SSLCACertificateFile /etc/apache2/ssl/ca.pem
    SSLVerifyDepth 3
    SSLProtocol TLSv1.2
    SSLHonorCipherOrder on
    
    <Directory /var/www/html/>
        Options -Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Order deny,allow
        Allow from 10.55.12.0/24
        Deny from all
    </Directory>
    
    <Files "login-ssl.php">
        SSLVerifyClient optional
        SSLOptions +StdEnvVars +StrictRequire
    </Files>
    
    [...]
    

    Can someone help me, please?

    Thanks.


    Edited

    I found the solution. The SSLProtocol directive should be in /etc/apache2/mods-enabled/ssl.conf.

  • telcoM
    telcoM over 4 years
    To summarize: since Firefox 68.0 the support has been implemented, but it is disabled by default and needs to be enabled by changing the about:config setting security.tls.enable_post_handshake_auth to true. The reason for this is that TLS 1.3 post-handshake authentication works with HTTP/1.1 but has problems with HTTP/2 multiplexing, and the necessary mechanism to fill the gap for HTTP/2 is still in draft phase.