{"id":53509,"date":"2023-10-03T15:37:04","date_gmt":"2023-10-03T06:37:04","guid":{"rendered":"https:\/\/jirak.net\/wp\/?p=53509"},"modified":"2023-10-03T15:37:04","modified_gmt":"2023-10-03T06:37:04","slug":"openssl-problem-sni-after-update-google-chrome-browser","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/openssl-problem-sni-after-update-google-chrome-browser\/","title":{"rendered":"[OPENSSL] problem sni after update google chrome browser"},"content":{"rendered":"<h2>problem sni after update google chrome browser<\/h2>\n<p>&nbsp;<\/p>\n<p><strong>\uc99d\uc0c1<\/strong><\/p>\n<ul>\n<li>\ub2e8\uc77c \uc11c\ubc84(openssl+apache) \uad6c\ub3d9\uc911<\/li>\n<li>\ub2e4\uc218\uc758 \ub3c4\uba54\uc778\uc774 \uc124\uc815\ub418\uc5b4 \uc788\uc73c\uba70, \uac01 \ub3c4\uba54\uc778\uc5d0\ub294 SSL\uc778\uc99d\uc11c\uac00 \uc801\uc6a9\ub418\uc5b4 \uc788\uc74c<\/li>\n<li>\uc5ec\ub7ec \ub3c4\uba54\uc778\uc774 443\ud3ec\ud2b8\ub97c \uac19\uc774 \uc0ac\uc6a9\uc911 (by SNI)<\/li>\n<li>\ud06c\ub86c \uc5c5\ub370\uc774\ud2b8 \ud6c4 \uc124\uc815\uc0c1 \uac00\uc7a5 \uccab\ub3c4\uba54\uc778\uc744 \uc81c\uc678\ud55c \ub098\uba38\uc9c0 \ub3c4\uba54\uc778\uc758 &#8220;https:\/\/&#8221;\uc5f0\uacb0\uc774 \ub418\uc9c0 \uc54a\uc74c<\/li>\n<li>\ud06c\ub86c \uc624\ub958 \uba54\uc138\uc9c0 : ERR_SSL_PROTOCOL_ERROR<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\ube0c\ub77c\uc6b0\uc800<\/strong><\/p>\n<ul>\n<li>Google Chrome<\/li>\n<li>Version : 117.0.5938.132<\/li>\n<li>Date : 2023.09.27(??)<\/li>\n<li>\uc774\uc804 \ubc84\uc804\uc758 \ud06c\ub86c\uc5d0\uc11c\ub294 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud558\uc9c0 \uc54a\uc74c<\/li>\n<li>\uadf8 \uc678 \uc5e3\uc9c0, \ud30c\uc774\ud3ed\uc2a4 \ub4f1\uc758 \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c\ub294 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud558\uc9c0 \uc54a\uc74c<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\uc11c\ubc84<\/strong><\/p>\n<ul>\n<li>OS : RHEL6<\/li>\n<li>openssl : openssl-1.0.1e-30.el6.8.x86_64<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\ucc38\uace0<\/strong><\/p>\n<ul>\n<li>RHEL6 :\u00a0<a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1150032\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1150032<\/a><\/li>\n<li>RHEL7 : <a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1150033\">https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1150033<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\uc5c5\ub370\uc774\ud2b8<\/strong><\/p>\n<ul>\n<li>\ud574\uacb0\ubc84\uc804 : openssl-1.0.1e-34.el6<\/li>\n<li>RHEL6 \uc758 \uacbd\uc6b0 \uc774\ubbf8 \uc9c0\uc6d0\uc774 \uc885\ub8cc\ub418\uc5c8\uc73c\ub098<\/li>\n<li>\uc885\ub8cc\uc804 \ub9c8\uc9c0\ub9c9 \ubc84\uc804 openssl-1.0.1e-58.el6_10.x86_64 \uc73c\ub85c \ud328\uce58<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\ud328\uce58 \uc804<\/strong><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\r\nopenssl s_client -connect after_2nd_domain:443 -cipher DEFAULT@SECLEVEL=0\r\n(...)\r\nNo client certificate CA names sent\r\nPeer signing digest: SHA1\r\nPeer signature type: RSA\r\nServer Temp Key: ECDH, prime256v1, 256 bits\r\n(...)\r\n\r\n<\/pre>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>\ud328\uce58 \ud6c4<\/strong><\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\r\nopenssl s_client -connect after_2nd_domain:443 -cipher DEFAULT@SECLEVEL=0\r\n(...)\r\nNo client certificate CA names sent\r\nPeer signing digest: SHA256\r\nPeer signature type: RSA\r\nServer Temp Key: ECDH, prime256v1, 256 bits\r\n(...)\r\n\r\n<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>problem sni after update google chrome browser &nbsp; \uc99d\uc0c1 \ub2e8\uc77c \uc11c\ubc84(openssl+apache) \uad6c\ub3d9\uc911 \ub2e4\uc218\uc758 \ub3c4\uba54\uc778\uc774 \uc124\uc815\ub418\uc5b4 \uc788\uc73c\uba70, \uac01 \ub3c4\uba54\uc778\uc5d0\ub294 SSL\uc778\uc99d\uc11c\uac00 \uc801\uc6a9\ub418\uc5b4 \uc788\uc74c \uc5ec\ub7ec \ub3c4\uba54\uc778\uc774 443\ud3ec\ud2b8\ub97c \uac19\uc774 \uc0ac\uc6a9\uc911 (by SNI) \ud06c\ub86c \uc5c5\ub370\uc774\ud2b8 \ud6c4 \uc124\uc815\uc0c1 \uac00\uc7a5 \uccab\ub3c4\uba54\uc778\uc744 \uc81c\uc678\ud55c \ub098\uba38\uc9c0 \ub3c4\uba54\uc778\uc758 &#8220;https:\/\/&#8221;\uc5f0\uacb0\uc774 \ub418\uc9c0 \uc54a\uc74c \ud06c\ub86c \uc624\ub958 \uba54\uc138\uc9c0 : ERR_SSL_PROTOCOL_ERROR &nbsp; &nbsp; \ube0c\ub77c\uc6b0\uc800 Google Chrome Version : 117.0.5938.132 Date : 2023.09.27(??) \uc774\uc804 \ubc84\uc804\uc758 \ud06c\ub86c\uc5d0\uc11c\ub294 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud558\uc9c0 \uc54a\uc74c \uadf8 \uc678 \uc5e3\uc9c0, \ud30c\uc774\ud3ed\uc2a4 \ub4f1\uc758 \ube0c\ub77c\uc6b0\uc800\uc5d0\uc11c\ub294 \ubb38\uc81c\uac00 \ubc1c\uc0dd\ud558\uc9c0 \uc54a\uc74c &nbsp; &nbsp; \uc11c\ubc84 OS : RHEL6 openssl : openssl-1.0.1e-30.el6.8.x86_64 &nbsp; &nbsp; \ucc38\uace0 RHEL6 :\u00a0https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1150032 RHEL7 : https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1150033 &nbsp; &nbsp; \uc5c5\ub370\uc774\ud2b8 \ud574\uacb0\ubc84\uc804 : openssl-1.0.1e-34.el6 RHEL6 \uc758 \uacbd\uc6b0 \uc774\ubbf8 \uc9c0\uc6d0\uc774 \uc885\ub8cc\ub418\uc5c8\uc73c\ub098 \uc885\ub8cc\uc804 \ub9c8\uc9c0\ub9c9 \ubc84\uc804 openssl-1.0.1e-58.el6_10.x86_64 \uc73c\ub85c \ud328\uce58 &nbsp; &nbsp; &nbsp; \ud328\uce58 \uc804 openssl s_client -connect after_2nd_domain:443 -cipher DEFAULT@SECLEVEL=0 (&#8230;) No client certificate CA names sent Peer signing digest: SHA1 Peer signature type: RSA Server Temp Key: ECDH, prime256v1, 256 bits (&#8230;) <a class=\"mh-excerpt-more\" href=\"https:\/\/jirak.net\/wp\/openssl-problem-sni-after-update-google-chrome-browser\/\" title=\"[OPENSSL] problem sni after update google chrome browser\">[ more&#8230; ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":31320,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[249],"tags":[1763,214,170,1762],"class_list":["post-53509","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-chrome","tag-linux","tag-openssl","tag-sni"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/53509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=53509"}],"version-history":[{"count":3,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/53509\/revisions"}],"predecessor-version":[{"id":53512,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/53509\/revisions\/53512"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media\/31320"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=53509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=53509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=53509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}