What's new

384.10 / OpenSSL / lighttpd

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Huib

Occasional Visitor
I upgraded from 384.9 to .10, which in itself was uneventful. AC68U runs fine, no complaints.

I also ran an opkg update and an opkg upgrade. Hindsight being 20/20 I realize I have set myself up for failure for making multiple changes in a row but perhaps someone has more insight into this:

None of my SSL enabled sites in lightttpd are working. Its new favorite message in the error log is:

(mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection

The regular log doesn't even get hit and the browser shows "Secure Connection Failed"

Would this be because of the dual OpenSLL binaries (libraries?) or would this be an issue with the opkg repo?

Update: some further Googling seems to indicate that this is related to TLS 1.3 and OpenSSL 1.1.1

Last update & fix: confirmed to be related to TLS1.3 introduced in OpenSSL1.1.1. Lighttpd has some issues with it and a workaround for the time being is to use
ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1.2") in your config for lighttpd.

Case closed.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top