Bug 1441614

Summary: mlogc only supports sslv3, no tls 1.x
Product: [Fedora] Fedora EPEL Reporter: Arjan Dekker <a.dekker>
Component: mod_securityAssignee: Othman Madjoudj <athmanem>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: el6CC: athmanem
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: mod_security-2.7.3-5.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-26 21:47:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Arjan Dekker 2017-04-12 10:58:02 UTC 
Description of problem:
I installed mlogc and it fails with a handshake error.
When i lower the encryption standard on the Apache frontend, it works.

See also:
https://sourceforge.net/p/mod-security/mailman/message/33000052/


Version-Release number of selected component (if applicable):
ModSecurity Log Collector (mlogc) v2.7.3
   APR: compiled="1.3.9"; loaded="1.3.9"
  PCRE: compiled="7.8"; loaded="7.8 2008-09-05"
  cURL: compiled="7.19.7"; loaded="libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2"

How reproducible:
Install mlogc and let mlogc send the logs to an Apache frontend with backend application AuditConsole.

Use these encryption settings with Apache:
    SSLHonorCipherOrder On
    SSLCipherSuite HIGH:!SSLv2:!SSLv3:!aNULL
    SSLprotocol ALL -SSLv2 -SSLv3


Actual results:
[Wed Apr 12 12:43:02 2017] [2] [15140/7f2fc40009c8] Flagging server as errored after failure to submit entry WO4EtpF11pQAADsoAwQAAAAB (cURL code 35): SSL connect error

Expected results:
[Wed Apr 12 12:42:31 2017] [3] [15140/7f2fc40009c8] Entry completed (0.197 seconds, 837 bytes): WO4ElpF11pQAADsuAt0AAAAH

Additional info:
When i allow SSLv3 it works, but we prefer not to use it.
I think the mlogc package must be rebuild with the patch mentioned here:
https://sourceforge.net/p/mod-security/mailman/message/33000052/
Comment 1 Fedora Update System 2017-04-26 00:06:57 UTC 
mod_security-2.7.3-5.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b56d84e139
Comment 2 Fedora Update System 2017-04-26 18:47:46 UTC 
mod_security-2.7.3-5.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-b56d84e139
Comment 3 Fedora Update System 2017-05-26 21:47:27 UTC 
mod_security-2.7.3-5.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.