https://bz.apache.org/bugzilla/show_bug.cgi?id=68863
--- Comment #6 from Ruediger Pluem <rpl...@apache.org> --- Can you please check if the below patch fixes your issue? Index: modules/ssl/ssl_engine_init.c =================================================================== --- modules/ssl/ssl_engine_init.c (revision 1916856) +++ modules/ssl/ssl_engine_init.c (working copy) @@ -1346,6 +1346,7 @@ const char *vhost_id = mctx->sc->vhost_id, *key_id, *certfile, *keyfile; int i; EVP_PKEY *pkey; + int done = 0; #ifdef HAVE_ECC EC_GROUP *ecgroup = NULL; int curve_nid = 0; @@ -1518,7 +1519,7 @@ */ certfile = APR_ARRAY_IDX(mctx->pks->cert_files, 0, const char *); if (certfile && !modssl_is_engine_id(certfile)) { - int done = 0, num_bits = 0; + int num_bits = 0; #if OPENSSL_VERSION_NUMBER < 0x30000000L DH *dh = modssl_dh_from_file(certfile); if (dh) { @@ -1546,7 +1547,7 @@ } } #if !MODSSL_USE_OPENSSL_PRE_1_1_API - else { + if (!done) { /* If no parameter is manually configured, enable auto * selection. */ SSL_CTX_set_dh_auto(mctx->ssl_ctx, 1); Can you check if adding explicit DH parameters (created via openssl dhparam 2048) to your certificate file fixes the issue with and without patch? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org