Re: [users@httpd] Difficulties with testing TLS 1.3
On Fri, Jun 15, 2018 at 10:09 AM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>> On Fri, Jun 15, 2018 at 9:38 AM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>>> On Fri, Jun 15, 2018 at 8:59 AM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>>>>> On Fri, Jun 15, 2018 at 3:06 AM, Dennis Clarke <dclarke@xxxxxxxxxxxxx> wrote:
>>>>>> [Fri Jun 15 00:59:59.788742 2018] [ssl:error] [pid 2250:tid 27] [client
>>>>>> 188.8.131.52:34466] AH02042: rejecting client initiated renegotiation
>>>> This suggests that with TLS 1.3, unlike with previous protocols, the
>>>> ssl_callback_Info callback is always called by openssl (some specific
>>>> extension only?). httpd is not prepared for that and thinks it's a
>>>> client renegotiation.
>>>> I didn't look at TLS 1.3 yet, but something along these lines seems plausible.
>>> For instance, multiple session tickets might call the callback more than once:
>>> Since renegotiations are forbidden by TLS 1.3 in the first place
>>> (enforced by openssl probably), I think that the check for
>>> renegotiations should be disabled in our ssl_callback_Info (for TLS
> Dennis, does the attached patch help?
Committed in http://svn.apache.org/r1833588 so updating to latest
trunk should be enough.
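
The renegotiation check discussed in this thread, modelled as an added example; it is not httpd's code and not the committed patch. The event and version constants, the struct and the function names are hypothetical stand-ins, and the event trace is constructed on the thread's hypothesis that TLS 1.3 invokes the callback again after the initial handshake.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the TLS library's callback events/versions. */
enum event { EV_HANDSHAKE_START, EV_HANDSHAKE_DONE };
enum proto { PROTO_TLS12 = 0x0303, PROTO_TLS13 = 0x0304 };

struct conn {
    enum proto version;
    int handshake_done; /* initial handshake has completed */
    int aborted;        /* connection rejected as renegotiation */
};

/* A handshake start seen after the initial handshake is treated as a
 * client-initiated renegotiation. With exempt_tls13 set, the check is
 * skipped for TLS 1.3, which has no renegotiation. */
static void info_callback(struct conn *c, enum event ev, int exempt_tls13)
{
    if (ev == EV_HANDSHAKE_DONE) {
        c->handshake_done = 1;
    } else if (c->handshake_done) {
        if (exempt_tls13 && c->version >= PROTO_TLS13)
            return;
        c->aborted = 1;
    }
}

/* Replay a constructed event trace; returns 1 if the connection is rejected. */
static int replay(enum proto v, const enum event *trace, size_t n, int exempt)
{
    struct conn c = { v, 0, 0 };
    for (size_t i = 0; i < n; i++)
        info_callback(&c, trace[i], exempt);
    return c.aborted;
}

/* Constructed trace: initial handshake, then a second start/done pair. */
static const enum event TRACE[] = { EV_HANDSHAKE_START, EV_HANDSHAKE_DONE,
                                    EV_HANDSHAKE_START, EV_HANDSHAKE_DONE };

int main(void)
{
    size_t n = sizeof TRACE / sizeof TRACE[0];
    printf("TLS 1.3, unconditional check: %d\n", replay(PROTO_TLS13, TRACE, n, 0));
    printf("TLS 1.3, exempted:            %d\n", replay(PROTO_TLS13, TRACE, n, 1));
    printf("TLS 1.2, exempted:            %d\n", replay(PROTO_TLS12, TRACE, n, 1));
    return 0;
}
```

The version gate removes the false rejection on TLS 1.3 while a second handshake start on TLS 1.2 is still rejected.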