Comment 74 for bug 965371

Neil Vergottini (nvergottini) wrote :

It appears now I've been bitten by this bug in Apache. I run a pair of reverse proxy servers on 12.04 using Apache. I built these servers last year and they were working fine up until last week when I ran a dist-upgrade to update some packages (specifically apache2 and openssl) to clear up some vulnerabilities identified in a PCI scan. Since then, one of the reverse proxies is unable to connect to an internal WebLogic server due to SSL errors. Using openssl s_client -connect fails, but adding -tls1 works.

According to the Apache 2.2 documentation, I should be able to add "SSLProxyProtocol All -SSLv2 -TLSv1.1 -TLSv1.2" to my reverse proxy virtual server config, but it doesn't like the "-TLSv1.1 -TLSv1.2". I've read that those options are only supported in Apache 2.4.

Now I'm basically stuck. It appears Ubuntu 12.04 has made a change in openssl that is impossible to work around in the version of Apache provided in Ubuntu 12.04. Downgrading openssl is not an option because I specifically needed the current version to pass the PCI scan. I've asked about updating the WebLogic server, but considering it is a PeopleSoft server, I suspect that is going to be a challenge.