Cosmic verification Confirming the bug with the distro packages: *** 2.4.34-1ubuntu2.1 500 500 http://br.archive.ubuntu.com/ubuntu cosmic-updates/main amd64 Packages
index is downloaded, but after a long delay: # curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.2 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 10918 100 10918 0 0 705 0 0:00:15 0:00:15 --:--:-- 2567 access log confirms the client certificate was used: 10.0.100.50 - - [05/Jul/2019:13:40:32 +0000] "GET / HTTP/1.1" 200 16544 "-" "curl/7.61.0" protocol=TLSv1.2 commonName=client-auth Updating apache and repeating the download: *** 2.4.34-1ubuntu2.2 500 500 http://br.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages Now it's fast: # curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.2 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 10918 100 10918 0 0 1332k 0 --:--:-- --:--:-- --:--:-- 1332k Log confirms client certificate authentication is still being used: 10.0.100.50 - - [05/Jul/2019:13:58:13 +0000] "GET / HTTP/1.1" 200 16525 "-" "curl/7.61.0" protocol=TLSv1.2 commonName=client-auth The slight difference in downloaded data (16544 vs 16525) is due to less tls keep-alive pings in the success case. The md5 of index.html is identical: # md5sum index.html* 3526531ccd6c6a1d2340574a305a18f8 index.html 3526531ccd6c6a1d2340574a305a18f8 index.html-before Cosmic verification succeeded. ** Tags removed: verification-needed-cosmic ** Tags added: verification-done-cosmic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1833039 Title: 18.04/Apache2: rejecting client initiated renegotiation due to openssl 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs