Hallo Christoph,
das Problem warum das bei machen Clients klappt und bei machen nicht ist IPv4/IPv6.
Du hast für IPv6 keine Apache Konfiguration, aber der Hostname moodle.gymrhein.de hat einen IPv6 DNS Record. Du musst also entweder den IPv6 DNS Record löschen, oder IPv6 auf dem Webserver deaktivieren, oder einen gültigen IPv6 Apache virtual Host erstellen.
IPv6 geht nicht:
~$ openssl s_client --connect moodle.gymrhein.de:443 -6
CONNECTED(00000003)
140586788143168:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1597730117
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---IPv4 geht:
~$ openssl s_client --connect moodle.gymrhein.de:443 -4
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = moodle.gymrhein.de
verify return:1
---
Certificate chain
0 s:/CN=moodle.gymrhein.de
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISA7Vci06f20BMmquyA67WKHawMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA3MjMxODAzNDNaFw0y
MDEwMjExODAzNDNaMB0xGzAZBgNVBAMTEm1vb2RsZS5neW1yaGVpbi5kZTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKe0YW5R4QfPI6wZjuE5IKyv660d
ZTNL9kIJxG2r7NsNcK1bi6ogyy1N6+FzYTCSFld/KWGudaunhR4zQzJ4tb8jvUH+
zGCi3lLm0PeAmJgYkh8j5JapRQ9xIKnVnKaTufIr2nEaTg2yJQYDYGX4TJqAO0HR
c3fCOK1AvesIoPJt00hWQopWvsUN8OvlQ1r/Gd7uHDLOC9jTKniHpCDmicjBMPIe
UXsNl/woat/0KRUGhdG2Vhw/xyGZiict7t+bK0CmDm6DqBMjcd9fPyVjl5910bwT
H5JUfp6YE5IiMbBkSsfTnvcESB/kmsG8gzFlBkvHuBrdftilu/Qwo1AmLGECAwEA
AaOCAmYwggJiMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUnn66f5EpAJbWIFMlf7g7
6enXs7gwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH
AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5
cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
cHQub3JnLzAdBgNVHREEFjAUghJtb29kbGUuZ3ltcmhlaW4uZGUwTAYDVR0gBEUw
QzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDov
L2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQDw
laRZ8gDRgkAQLS+TiI6tS/4dR+OZ4dA0prCoqo6ycwAAAXN9D1cFAAAEAwBGMEQC
IGpxNrN/653oMvrG7b/rtMMWlZvZPvxpMDs+EOZYJerPAiAIFzY/iGpNQxAuY/i6
pcpPNKThvMZCjYmwkMByTfO5wQB2AAe3XBvlfWj/8bDGHSMVx7rmV3xXlLdq7rxh
Ohpp06IcAAABc30PWSkAAAQDAEcwRQIhAOhkSEr4HSaRs1hTl4SU660tcwvLmkeE
hMXqppgMJWVWAiAsdPthdLCo7Ts0HEbKyfpa/kWFYntaOGMagr55V26v9TANBgkq
hkiG9w0BAQsFAAOCAQEAE2w3fxca5ncHI/HeB982WDz97QhPOtWuokL9iX/DGmH5
d4w8UB/Ii+/BAyNA4g9tB+WMVjfxHRUaH5PsOmWU2hmSwoUjOkqHoRym/AjFX3Yl
w4orA+BdGNHG51krHiAGCenpCi/hbVMCgafdtRzKBZiVDCzqzwxOkN2r9YJocICI
UDDEgdaTWvbvJOVx7VytwMFW7N4lltLav9XPmmg7A2obpgHcNSkPSA9ydkozVQWB
q6QEsJ4tzbfgc84zudOq5IIqot8erMqNifkCxNAG4NFCLuT4XfW/JherSJbK1jzV
kSSHLS/SP9XEgjweeShe7MAe8hWPHB64NdMz85xsEg==
-----END CERTIFICATE-----
subject=/CN=moodle.gymrhein.de
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3201 bytes and written 261 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-CHACHA20-POLY1305
Session-ID: 585217F20297FC4AC65619DD9139A5EE905ADB039D3366F1AAFD2CF8B6C87D3E
Session-ID-ctx:
Master-Key: 334944CA8C94716E06AD2AB97B674F1E89F92C862CAA5691E9F29888FED17B5098018430B5502A97E6819F8458C6EA4E
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 5b d9 1d a7 d8 19 fd b4-24 7e 03 75 e7 24 c5 f8 [.......$~.u.$..
0010 - b9 75 2f 33 63 6a 6b 91-ad 86 14 7c 1f 97 45 b9 .u/3cjk....|..E.
0020 - 3b a5 f1 c4 da 9e 32 85-84 49 6f ce 1c e3 1c 54 ;.....2..Io....T
0030 - a6 ac 2a 4c 29 7f 02 74-b1 5d 79 e6 c7 7b 4b 62 ..*L)..t.]y..{Kb
0040 - 3a 69 d2 48 fa 1c d4 d7-ff 57 95 aa 9c 15 c7 9e :i.H.....W......
0050 - 93 5a 96 26 ed f1 d2 d9-d1 19 f7 33 f7 33 cf d3 .Z.&.......3.3..
0060 - c5 19 48 ae 52 a0 2b 16-b6 78 0e 81 2b 57 94 2e ..H.R.+..x..+W..
0070 - 0c 41 02 44 6d 87 f8 0e-ee f5 e4 f7 57 f0 fc 4b .A.Dm.......W..K
0080 - 61 5b a6 64 3a 41 c5 05-32 29 09 d1 e1 34 c3 a5 a[.d:A..2)...4..
0090 - fe 81 4f 77 6f 19 ec 82-a0 9d 89 af 41 ed 87 3a ..Owo.......A..:
00a0 - 32 1e bf c6 33 37 22 2c-4d 90 56 2e 2e bf a8 af 2...37",M.V.....
00b0 - ad 01 70 9e fb 42 fb 5c-90 d6 6e 07 27 ac 5d 31 ..p..B.\..n.'.]1
Start Time: 1597730107
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---Viele Grüße
Klaus