apache openssl problems?

Post by pernel » Mar 8th, '25, 20:21

Hi!
I'm presently gradually building a new server with Mageia 9. Most of the services are working as expected.
The server also hosts a webdav server requiring apache-mod_ssl. I have still not deployed it because I have about 10 remote clients running an old webdav client, NetDrive 1.3.4, that does not connect to the new server. It would be very complicated for me to update them, especially since one of them is still on Windows 7. I'm not sure there are any good webdav clients that can be installed on the client with Windows 7.

The still active webdav server is also a Mageia 9 server on old hardware that has been gradually upgraded from Mageia 6 to Mageia 9 latest.
Other webdav clients like Cyberduck, WinSCP or the latest NetDrive connect perfectly to the new server, as does a normal browser.
Connecting to the old server works perfectly with the NetDrive client. To try to understand what the difference is between the old and new server, I began to compare which openssl-related rpms differ between the old server and the new.

At the old server the NetDrive client generates the following log in /var/log/httpd/ssl_request.log:
[08/Mar/2025:18:50:40 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 1220
[08/Mar/2025:18:50:40 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 2426
[08/Mar/2025:18:50:40 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 1706
[08/Mar/2025:18:50:40 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 1706
[08/Mar/2025:18:50:40 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 314
[08/Mar/2025:18:50:45 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/Ny%20mapp/ HTTP/1.1" 1197
[08/Mar/2025:18:50:45 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 1706


At the new server no traces of connections or errors are found in /var/log/httpd/access.log, /error.log or /ssl_request.log. It seems that the NetDrive client does not even try to connect to the server.

I found the following rpms installed at the old server but not at the new:
lib64compat-openssl10_1.0.0, version 1.0.2u 1.2.mga7
lib64openssl-engines1.0.0 1, version 1.0.2r 1.mga6.rpm
lib64openssl1.1, version 1.1.1v 1.mga8.rpm
python2-openssl version 18.0.0 2mga.rpm

Can the reason for the connection problems be that the present version of apache-mod_ssl does not support the old NetDrive client? Maybe the old client has a deprecated ssl-protocol? It seems to be using TLSv1. Is there any way to find the above rpms and install them on the new server for testing? I searched different repositories without success. Are there any specific methods to log openssl? Any other hints?
Last edited by doktor5000 on Mar 8th, '25, 20:59, edited 1 time in total.
Reason: adjusted thread title

Re: apache openssl problems?

Post by doktor5000 » Mar 8th, '25, 21:11

pernel wrote: Maybe the old client has a deprecated ssl-protocol? It seems to be using TLSv1. Is there any way to find the above rpms and install them on the new server for testing?

This usually comes down to what the client offers and what the server supports. Easiest to find out would probably be to locally run nmap with the ssl-enum-ciphers script to test the ciphers that your apache supports: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
You could also test for each one individually: https://superuser.com/a/224263/365864
Then check what your clients support, and find the common denominator or some ciphers that are supported by the older clients.

You may need to increase apache loglevel or run it in debug mode to see the connection attempts which might be rejected due to unsupported ciphers.
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
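
For the "check what your clients support" step, the old server's ssl_request.log already records what each client negotiates. The following is an added example (not code from either poster) that inventories protocol and cipher per client from the log layout shown in the first post and flags legacy protocol versions; the third log line and the malformed line are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# TLS 1.0/1.1 are deprecated by RFC 8996, SSLv3 by RFC 7568.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Layout as shown in the post: [time] client protocol cipher "request" bytes
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<client>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>.*)" (?P<size>\S+)$'
)

# First two lines are copied from the post; the last two are constructed.
SAMPLE_LOG = """\
[08/Mar/2025:18:50:40 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/ HTTP/1.1" 1220
[08/Mar/2025:18:50:45 +0100] 192.168.1.9 TLSv1 ECDHE-ECDSA-AES128-SHA "PROPFIND /webdav/Ny%20mapp/ HTTP/1.1" 1197
[08/Mar/2025:18:51:02 +0100] 192.168.1.20 TLSv1.3 TLS_AES_256_GCM_SHA384 "PROPFIND /webdav/ HTTP/1.1" 1706
this line is malformed and must be skipped
"""

def inventory(log_text):
    """Count requests per (client, protocol, cipher); return (counts, skipped)."""
    counts, skipped = Counter(), 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            counts[(m["client"], m["proto"], m["cipher"])] += 1
        else:
            skipped += 1  # unparsable line: count it instead of failing
    return counts, skipped

def legacy_clients(counts):
    """Map each client seen on a legacy protocol to its (protocol, cipher) pairs."""
    result = {}
    for client, proto, cipher in counts:
        if proto in LEGACY_PROTOCOLS:
            result.setdefault(client, set()).add((proto, cipher))
    return result

if __name__ == "__main__":
    counts, skipped = inventory(SAMPLE_LOG)
    for (client, proto, cipher), n in sorted(counts.items()):
        flag = "LEGACY" if proto in LEGACY_PROTOCOLS else "ok"
        print(f"{client:15} {proto:8} {cipher:28} {n:4} {flag}")
    print(f"skipped lines: {skipped}")
```

Run against the old server's full log, the output lists which clients still depend on a legacy protocol and which cipher each one negotiated, which is the set to compare against the nmap results for the new server.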

