https://bz.apache.org/bugzilla/show_bug.cgi?id=62691#c5 "Moving "SSLVerifyClient require" outside of the <Location> block instantly returns the document. So it does appear to be ONLY the renegotiation case. "
That works here too, in my simple test case. I had this location directive: <Location /> SSLVerifyClient require Require ssl-verify-client </Location> By moving SSLVerifyClient to the vhost level, i.e., the whole site requires it, then re-negotiation isn't triggered and access works without a timeout. ** Bug watch added: bz.apache.org/bugzilla/ #62691 https://bz.apache.org/bugzilla/show_bug.cgi?id=62691 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1833039 Title: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1 Status in apache2 package in Ubuntu: Confirmed Status in openssl package in Ubuntu: Confirmed Bug description: I am using Apache2 with client certificate authentication. Since recently (last week) and without any configuration changes, the following errors occur frequently: AH02042: rejecting client initiated renegotiation Client connections are very slow and sometimes it takes more than a minute until a weg page can be opened in the browser. Before installation of the latest security fixes last week, this error did not occur. Could it be related to https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1803689? System information: Description: Ubuntu 18.04.2 LTS Release: 18.04 apache2: Installiert: 2.4.29-1ubuntu4.6 Installationskandidat: 2.4.29-1ubuntu4.6 Versionstabelle: *** 2.4.29-1ubuntu4.6 500 500 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages 100 /var/lib/dpkg/status 2.4.29-1ubuntu4 500 500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64 Packages openssl: Installiert: 1.1.1-1ubuntu2.1~18.04.2 Installationskandidat: 1.1.1-1ubuntu2.1~18.04.2 Versionstabelle: *** 1.1.1-1ubuntu2.1~18.04.2 500 500 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.1.0g-2ubuntu4.3 500 500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages 1.1.0g-2ubuntu4 500 500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp