Disable: #HSTS Header Header always set Strict-Transport-Security: "max-age=63072000; includeSubDomains; preload" => Still triggering ...
Disable: #Enable http2 Protocols h2 http/1.1 # AND SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) => Still triggering ... Disable (in mod and site config): SSLSessionTickets off SSLOpenSSLConfCmd Options +PrioritizeChaCha => Still triggering ... Disable (in mod and site config): SSLHonorCipherOrder on SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!DSS SSLOpenSSLConfCmd Curves X448:X25519:P-256:P-384 SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem" => Still triggering ... This matches my comment #2 config now. So the flaky part was the one time it worked find on the initial run? Retrying two more times ... Yeah base config still triggers the issue ... So other than first assumed it was either a) not the config OR b) we needed to run multiple tests to enter some bad state (but apache restarts in between) In any of the abvoe cases, @andreas you can use the system to test and builds that you have. Just take a potential pass with a grain of salt and rerun it a few times. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1836329 Title: Regression running ssllabs.com/ssltest causes 2 apache process to eat up 100% cpu, easy DoS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1836329/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
