Public bug reported:

System: Ubuntu 18.04.3 LTS ppa:ondrej/apache2 NOT default Ubuntu source.

I am using apache2 as a reverse proxy for the diaspora social network. It appears to only affect this site, and none of the other sites (Mastodon, Peertube, Wordpress, YOURLS, and Friendica to name a few). On version 2.4.38, I can connect to sites using TLSv1.3 from Firefox and Chrome. If you were to use `curl -v https://diaspora.my.domain` you would receive output like:

```
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
```

And after updating to 2.4.41:

```
user@comp:~$ curl -v https://diaspora.my.domain
* Rebuilt URL to: https://diaspora.my.domain/
* Trying pub.lic.ip.adr...
* TCP_NODELAY set
* Connected to diaspora.my.domain (pub.lic.ip.adr) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=diaspora.my.domain
* start date: Sep 3 19:43:07 2019 GMT
* expire date: Dec 2 19:43:07 2019 GMT
* subjectAltName: host "diaspora.my.domain" matched cert's "diaspora.my.domain"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x55df26b776b0)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET / HTTP/2
> Host: diaspora.my.domain
> User-Agent: curl/7.58.0
> Accept: */*
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
```

Behaviour: The website will load from cache, then never load. If no cache is used, the website never loads and eventually you get a server is not responding.

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apache2 diaspora ondrej ppa

** Package changed: php-console-table (Ubuntu) => apache2 (Ubuntu)

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1848577

Title:
  Apache2 2.4.41 Causes TLSv1.3 Errors and Disconnects
