On Fri, Jun 15, 2018 at 10:09 AM, Yann Ylavic <[email protected]> wrote:
>> On Fri, Jun 15, 2018 at 9:38 AM, Yann Ylavic <[email protected]> wrote:
>>> On Fri, Jun 15, 2018 at 8:59 AM, Yann Ylavic <[email protected]> wrote:
>>>>> On Fri, Jun 15, 2018 at 3:06 AM, Dennis Clarke <[email protected]>
>>>>> wrote:
>>>>>>
>>>>>> [Fri Jun 15 00:59:59.788742 2018] [ssl:error] [pid 2250:tid 27] [client
>>>>>> 68.179.116.201:34466] AH02042: rejecting client initiated renegotiation
>>>>
>>>> This suggests that with TLS 1.3, unlike with previous protocols, the
>>>> ssl_callback_Info callback is always called by openssl (some specific
>>>> extension only?). httpd is not prepared for that and thinks it's a
>>>> client renegotiation.
>>>>
>>>> I didn't look at TLS 1.3 yet, but something along these lines seems
>>>> plausible.
>>>
>>> For instance, multiple session tickets might call the callback more than
>>> once:
>>> https://github.com/openssl/openssl/blob/master/ssl/statem/statem_srvr.c#L3785
>>>
>>> Since renegotiations are forbidden by TLS 1.3 in the first place
>>> (enforced by openssl probably), I think that the check for
>>> renegotiations should be disabled in our ssl_callback_Info (for TLS
>>> 1.3).
>
> Dennis, does the attached patch help?

Committed in http://svn.apache.org/r1833588 so updating to latest trunk should be enough.
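
The mechanism hypothesised in this thread, as a simplified model added here (it is not httpd's or OpenSSL's code, and not the committed patch): a renegotiation check keyed on handshake-start events misfires when a TLS 1.3 connection reports a second start after the initial handshake, and a protocol-version guard avoids that while still catching TLS 1.2 renegotiation. The state names, `info_cb`, `replay` and the event trace are hypothetical; the trace assumes, as the thread suggests, that post-handshake messages trigger the callback again.

```c
#include <stdio.h>

/* Values mirror OpenSSL's public constants; redefined so this builds without OpenSSL. */
#define CB_HANDSHAKE_START 0x10   /* SSL_CB_HANDSHAKE_START */
#define CB_HANDSHAKE_DONE  0x20   /* SSL_CB_HANDSHAKE_DONE */
#define VER_TLS1_2 0x0303         /* TLS1_2_VERSION */
#define VER_TLS1_3 0x0304         /* TLS1_3_VERSION */

/* Hypothetical per-connection renegotiation state for this model. */
enum reneg_state { RENEG_INIT, RENEG_REJECT, RENEG_ABORT };
struct conn { int version; enum reneg_state reneg; };

/* Hypothetical stand-in for an info callback; guard_tls13 enables the proposed skip. */
static void info_cb(struct conn *c, int where, int guard_tls13)
{
    if (where & CB_HANDSHAKE_START) {
        if (guard_tls13 && c->version >= VER_TLS1_3)
            return;                   /* TLS 1.3 has no renegotiation to police */
        if (c->reneg == RENEG_REJECT)
            c->reneg = RENEG_ABORT;   /* where an AH02042-style rejection would be logged */
    } else if ((where & CB_HANDSHAKE_DONE) && c->reneg == RENEG_INIT) {
        c->reneg = RENEG_REJECT;      /* initial handshake done: later starts are suspect */
    }
}

/* Replay a trace of callback events; returns 1 if the connection would be rejected. */
int replay(int version, const int *events, int n, int guard_tls13)
{
    struct conn c = { version, RENEG_INIT };
    for (int i = 0; i < n; i++)
        info_cb(&c, events[i], guard_tls13);
    return c.reneg == RENEG_ABORT;
}

/* Constructed trace: initial handshake, then a second start/done pair
 * (assumed here to come from post-handshake messages under TLS 1.3). */
const int TRACE[] = { CB_HANDSHAKE_START, CB_HANDSHAKE_DONE,
                      CB_HANDSHAKE_START, CB_HANDSHAKE_DONE };

int main(void)
{
    printf("TLS 1.3, no guard: rejected=%d\n", replay(VER_TLS1_3, TRACE, 4, 0));
    printf("TLS 1.3, guard:    rejected=%d\n", replay(VER_TLS1_3, TRACE, 4, 1));
    printf("TLS 1.2, guard:    rejected=%d\n", replay(VER_TLS1_2, TRACE, 4, 1));
    return 0;
}
```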
