#1363 mod_tls_policy incompatible with TLS 1.3

Reporter Zash
Owner Nobody
Created
Updated
Stars ★★ (2)
Tags
  • Type-Defect
  • Priority-Medium
  • Component-Community
  • Status-Accepted
  1. Zash on

    What steps will reproduce the problem? 1. mod_tls_policy with eg FS-policy 2. Establish TLS 1.3 connection anywhere 3. Observe logs What is the expected output? None, should pass. What do you see instead? Server-to-server connection failed: policy-violation (TLS cipher 'TLS_AES_256_GCM_SHA384' not acceptable) Please provide any additional information below. All TLS 1.3 ciphers use a completely different form of the name, making pattern matching an unworkable strategy for policy enforcement.

New comment

Not published. Used for spam prevention and optional update notifications.