[Bug 1833039] Re: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1

Dimitri John Ledkov launchpad at surgut.co.uk
Tue Jun 25 21:23:50 UTC 2019 

I think for this ticket we want:

commit b5872f95b64177212b2e129dcae15d91c46abbc8
Author: Yann Ylavic <ylavic at apache.org>
Date:   Fri Jun 15 11:12:19 2018 +0000

    mod_ssl: disable check for client initiated renegotiations with TLS 1.3.
    
    This is already forbidden by the protocol, enforced by OpenSSL, and the
    current logic can't work (ssl_callback_Info() may be called multiple times
    with TLS 1.3).
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833588 13f79535-47bb-0310-9956-ff
a450edef68

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1833039

Title:
  18.04/Apache2: rejecting client initiated renegotiation due to openssl
  1.1.1

Status in apache2 package in Ubuntu:
  Confirmed
Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  I am using Apache2 with client certificate authentication.
  Since recently (last week) and without any configuration changes, the following errors occur frequently:

  AH02042: rejecting client initiated renegotiation

  Client connections are very slow and sometimes it takes more than a minute until a weg page can be opened in the browser.
  Before installation of the latest security fixes last week, this error did not occur.

  Could it be related to
  https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1803689?

  
  System information:

  Description:    Ubuntu 18.04.2 LTS
  Release:        18.04

  apache2:
    Installiert:           2.4.29-1ubuntu4.6
    Installationskandidat: 2.4.29-1ubuntu4.6
    Versionstabelle:
   *** 2.4.29-1ubuntu4.6 500
          500 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
          100 /var/lib/dpkg/status
       2.4.29-1ubuntu4 500
          500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

  openssl:
    Installiert:           1.1.1-1ubuntu2.1~18.04.2
    Installationskandidat: 1.1.1-1ubuntu2.1~18.04.2
    Versionstabelle:
   *** 1.1.1-1ubuntu2.1~18.04.2 500
          500 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.1.0g-2ubuntu4.3 500
          500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
       1.1.0g-2ubuntu4 500
          500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+subscriptions

More information about the foundations-bugs mailing list