Server saying no TLS/SSL protocols available even though mod_ssl/openssl installed and enabled

williamsdb asked:

I am trying to add SSL certs to my server but when I connect via a browser it throws an error (ERR_SSL_PROTOCOL_ERROR in Chrome).

This is confirmed using testssl.sh (https://testssl.sh/):

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      not offered
 TLS 1.1    not offered
 TLS 1.2    not offered
 TLS 1.3    not offered

On the server I can see that mod_ssl and openssl are installed:

sudo yum list installed *ssl*
Loaded plugins: priorities, update-motd, upgrade-helper
Installed Packages
mod24_ssl.x86_64
openssl.x86_64
openssl-devel.x86_64   

This is in my .conf file for the virtual host (*:80 excluded):

<VirtualHost *:443>
  ServerName freedomtospeakup.com
  ServerAlias www.freedomtospeakup.com
  DocumentRoot "/var/www/f2su"
  DirectoryIndex index.php
  ErrorLog /var/log/httpd/f2su-error_log
  CustomLog /var/log/httpd/f2su-access_log combined

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
  SSLCertificateFile /etc/letsencrypt/live/freedomtospeakup.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/freedomtospeakup.com/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/freedomtospeakup.com/chain.pem

  <Directory "/var/www/f2su">
    AllowOverride All
    Allow from All
  </Directory>
</VirtualHost>

Cert seems to be ok, this is what I get when doing sudo ./certbot-auto certificates

  Certificate Name: freedomtospeakup.com
    Domains: freedomtospeakup.com www.freedomtospeakup.com
    Expiry Date: 2019-10-27 12:53:18+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/freedomtospeakup.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/freedomtospeakup.com/privkey.pem

This is what I have tried to date:

  • yum update (no packages to update)
  • date (correct)
  • rebooted server (no change)
  • checked firewall to ensure 443 is open (it is)
  • checked ssl.conf with another server where it is working (no differences)

Anything else that I can check?

My answer:


Well, the only obvious problem I see with your SSL configuration is that your SSLCipherSuite is not properly specified. Each cipher should be separated by a colon, but yours have spaces separating them. Replace the spaces with colons and try again. You can also find a continuously updated secure configuration at https://cipherli.st/, which you may want to bookmark for later use.
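
The rewrite suggested in the answer above, as an added example (not code from the question or the answer): a small Python lint that puts a quoted SSLCipherSuite value into colon-separated form and lists the tokens that still enable weak ciphers such as the RC4 entries in the question's list. The sample config is constructed from the question's vhost with the cipher list shortened, and the function names are hypothetical.

```python
import re

# Constructed sample: the question's vhost, with the cipher list shortened.
SAMPLE_CONF = '''<VirtualHost *:443>
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5"
</VirtualHost>
'''

# Only the quoted form is handled; an unquoted value cannot contain spaces.
DIRECTIVE = re.compile(r'^([ \t]*SSLCipherSuite[ \t]+)"([^"]*)"[ \t]*$',
                       re.IGNORECASE | re.MULTILINE)

# OpenSSL cipher-string keywords treated as weak here (RC4 is banned by RFC 7465).
WEAK = {"RC4", "3DES", "DES", "MD5", "NULL", "aNULL", "eNULL", "EXP", "EXPORT", "LOW"}

def split_ciphers(value):
    """Split a cipher list on spaces, commas or colons."""
    return [t for t in re.split(r"[\s,:]+", value) if t]

def normalize(value):
    """Return the cipher list in colon-separated form."""
    return ":".join(split_ciphers(value))

def weak_enabled(value):
    """Tokens that add a weak keyword not removed by a '!keyword' entry."""
    tokens = split_ciphers(value)
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    flagged = []
    for tok in tokens:
        if tok[0] in "!-":  # "!X" and "-X" remove ciphers, they add nothing
            continue
        if (WEAK & set(tok.lstrip("+").split("+"))) - excluded:
            flagged.append(tok)
    return flagged

def lint_conf(text):
    """Return (config with normalized SSLCipherSuite lines, weak tokens found)."""
    findings = []
    def fix(match):
        findings.extend(weak_enabled(match.group(2)))
        return '%s"%s"' % (match.group(1), normalize(match.group(2)))
    return DIRECTIVE.sub(fix, text), findings

if __name__ == "__main__":
    fixed, weak = lint_conf(SAMPLE_CONF)
    print(fixed)
    print("weak tokens still enabled:", weak)
```

After writing the rewritten file, `apachectl configtest` confirms the syntax before a reload.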


View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.