Cyberduck Mountain Duck CLI

#8074 closed defect (thirdparty)

unrecognized_name alert in TLS handshake

Reported by: marek salwerowicz Owned by: dkocher
Priority: normal Milestone:
Component: webdav Version: Nightly Build
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

I am using the latest Cyberduck (4.5 / 14875). I try to connect to WebDAV HTTP/SSL server (configred with SSL and VirtualHosts)

The credentials and URI are correct (Work in native windows7 WebDAV client )

I am unable to connect.

I receive the following message: handshake alert: unrecognized_name

In the the Apache server logs I noticed this: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

Change History (6)

comment:1 Changed on Jul 4, 2014 at 9:20:40 AM by dkocher

  • Component changed from core to webdav
  • Owner set to dkocher
  • Summary changed from WebDAV HTTPS TLS/SNI to unrecognized_name alert in TLS handshake

comment:2 Changed on Jul 4, 2014 at 9:22:56 AM by dkocher

  • Resolution set to thirdparty
  • Status changed from new to closed

This is a configuration issue with Apache HTTPD. Duplicate for #7908.

comment:3 follow-up: Changed on Jul 4, 2014 at 9:26:16 AM by marek salwerowicz

The SNI is enabled be default

the logs are clear: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

What Java version is used in recent Cyberduck ?

comment:4 in reply to: ↑ 3 ; follow-up: Changed on Aug 29, 2014 at 7:02:15 AM by dkocher

Replying to marek salwerowicz:

The SNI is enabled be default

the logs are clear: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)

We support server name indication for TLS in Cyberduck. That's why the error is received if the virtual host does not match the common name in the certificate.

comment:5 in reply to: ↑ 4 ; follow-up: Changed on Aug 29, 2014 at 7:58:01 AM by marek salwerowicz

Replying to dkocher:

We support server name indication for TLS in Cyberduck. That's why the error is received if the virtual host does not match the common name in the certificate.

How about the case when certificate is for wildcard (eg. "*.example.org" ) and virtual hosts are "site1.example.org" , "site2.example.org", etc... ?

comment:6 in reply to: ↑ 5 Changed on Aug 29, 2014 at 8:00:16 AM by dkocher

Replying to marek salwerowicz:

Replying to dkocher:

We support server name indication for TLS in Cyberduck. That's why the error is received if the virtual host does not match the common name in the certificate.

How about the case when certificate is for wildcard (eg. "*.example.org" ) and virtual hosts are "site1.example.org" , "site2.example.org", etc... ?

That will work. See also my comments in #8199.

Note: See TracTickets for help on using tickets.
swiss made software