Hiawatha and Chrome https incompatible
26 February 2018, 13:39
I use Hiawatha 10.4 on an embedded board. When I use Hiawatha to be https webserver, Chrome can't connect to my website. It write an SSL_error. If I use IE or firefox, everythings are OK (I just have an error because the name are not OK but you can force the connection).
In my first step to find the error, I install Hiawatha on windows and Abyss webserver and use the same certificat. Chrome with Hiawatha get an error but Abyss don't have the error...
How to find the problem and sole it for Chrome ?
26 February 2018, 22:11
What SSL error do you get?
27 February 2018, 11:37
I have this error : ERR_SSL_PROTOCOL_ERROR.
28 February 2018, 15:42
Did you set MinTLSversion to something other than the default value? I don't use Chrome, so I'm not sure, but could it be because the name is not OK? Perhaps Chrome is more strict on that?
28 February 2018, 17:30
Hello, thank you for your help.
No, I don't set MinTLSversion.
My Hiawatha.conf :
# Hiawatha main configuration file
set INSTALL_DIR = CONFIG_DIR\..
# GENERAL SETTINGS
ConnectionsTotal = 150
ConnectionsPerIP = 10
LogFormat = extended
SystemLogfile = INSTALL_DIR\logfiles\system.log
GarbageLogfile = INSTALL_DIR\logfiles\garbage.log
ExploitLogfile = INSTALL_DIR\logfiles\exploit.log
PIDfile = INSTALL_DIR\work\hiawatha.pid
WorkDirectory = INSTALL_DIR\work
#PasswordFile = basic:c:\hiawatha\passfile\pass.txt
# BINDING SETTINGS
# A binding is where a client can connect to.
# Port = 80
# Interface = 127.0.0.1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
Port = 443
MaxRequestSize = 40000
# RequireTLS = yes
# Interface = ::1
# MaxKeepAlive = 30
TimeForRequest = 120,600
TLScertFile = C:\Hiawatha\tls\server_certificat.pem
# BANNING SETTINGS
# Deny service to clients who misbehave.
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes
# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications.
#CGIhandler = C:\Program Files\PHP5\php-cgi.exe:php
#CGIhandler = INSTALL_DIR\\program\\ssi-cgi.exe:shtml
CGIhandler = C:\Hiawatha\slat_plugin\slt_plugin.exe:slt
#CGIextension = exe
# FastCGIid = PHP5
# ConnectTo = 127.0.0.1:2005
# Extension = php
# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
# ToolkitID = banshee
# RequestURI isfile Return
# Match ^/(css|files|images|js)/ Return
# Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
# Match .*\?(.*) Rewrite /index.php?$1
# Match .* Rewrite /index.php
# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
Hostname = 127.0.0.1
WebsiteRoot = C:\Hiawatha\htdocs
StartFile = index.html
ExecuteCGI = yes
TimeForCGI = 10
NoExtensionAs = slt
AccessLogfile = INSTALL_DIR\logfiles\access.log
ErrorLogfile = INSTALL_DIR\logfiles\error.log
Do you have an idea how to find a solution ? I saw frames with Wireshark but I don't know what to do with my measurements.
Do you know what's happen exactly when Firefox or Chrome connect in https ?
In an other forum, they say that Chrome is incompatible with mbedTLS. Is it possible to use openSSL like Apache ?
1 March 2018, 10:24
I don't know which version of mbedTLS is used by Hiawatha 10.4, but the one used by Hiawatha 10.7 works fine with Chrome.
Is there a reason to use the 10.4 version and not the 10.7 ?
1 March 2018, 10:56
I use version 10.4 because I compile it with Yocto and the official version is 10.4. I think, I test to compile hiawatha 10.7 in standalone mode.
2 March 2018, 17:22
I tested the version 10.7 and this version works fine with Chrome.
Thank you very much to Nicolas and Hugo Leisink for their helps.
2 March 2018, 19:32
This topic has been closed.