Created attachment 24552 [details]
The error log with LogLevel debug

After connecting to a URL without client authentication, connecting to a URL that requires it starts an SSL renegotiation several times instead of only once. The exact number of renegotiations depends on some unknown factor. I have a full repro procedure from scratch where it will be 2 times, but also a server locally where it is 6 times.

I'll attach:
- an httpd.conf that reproduces the problem
- the self-signed certificate and private key of the server
- the content of error.log after an instance of this problem
- a .cap file of the exchange between the client and the server
- the decoding of the exchange with tshark -V -o "ssl.keys_list: 172.30.24.37,443,http,apache/conf/authentication.key"

Full repro procedure based on EasyPHP 5.3.0 ( Apache/2.2.13 (Win32) - OpenSSL/0.9.8k ):
- download and install EasyPHP 5.3.0 (
- edit its default httpd.conf:

    Listen *:443
    LoadModule ssl_module modules/mod_ssl.so
    SSLSessionCache "shmcb:${path}/apache/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout 3000
    SSLCipherSuite AES+RSA+SHA1
    NameVirtualHost *:443
    <VirtualHost *:443>
      SSLEngine On
      SSLCertificateFile "${path}/apache/conf/authentication.cer"
      SSLCertificateKeyFile "${path}/apache/conf/authentication.key"
      <Location /authentication/>
        SSLVerifyClient optional_no_ca
        SSLVerifyDepth 0
      </Location>
      DocumentRoot "${path}/www"
    </VirtualHost>

- create an index.html file in /www:

    <html><head><title> authentication test </title></head>
    <body>authentication test<hr>
    <a href="/authentication" >authentication link</a>
    </body></html>

- create /www/authentication
- copy index.html inside /www/authentication
- connect Firefox to /
- follow the link on the page to /authentication
- You'll need a client certificate (a sample p12 is included in the repro files)
- Have the "remember certificate" option unchecked
- Apache will immediately request authentication a second time
Created attachment 24553 [details]
A complete package of files, for reproduction, with a full capture of the problem
This is a bug in the handling of "SSLVerifyDepth 0" in per-dir context. mod_ssl is forcing a renegotiation each time because it doesn't cache the verify_depth as zero correctly:

[Tue Nov 17 19:54:25 2009] [debug] ssl_engine_kernel.c(423): [client 172.30.25.84] Reduced client verification depth will force renegotiation, referer: https://172.30.24.37/

To fix this, either of:

a) configure client cert CA verification properly, and remove or increase the SSLVerifyDepth setting, or

b) move the SSLVerifyDepth setting to vhost context, outside the <Location> block should work.

-- In ssl_hook_Access, the code uses sslconn->verify_depth as the "current" verify depth only if non-zero, otherwise falling back to the vhost's verify depth.
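The bookkeeping this comment describes, as an added hypothetical model in C (not mod_ssl's actual code): the vhost-level depth of 1, the request sequence, and the conn_state struct are constructed assumptions. It shows why a cached depth of 0 that is read back as "unset" renegotiates on every request to the per-dir location, and how a distinct sentinel value fixes it.

```c
#include <stdbool.h>
#include <stdio.h>

#define UNSET (-1)          /* "no explicit SSLVerifyDepth at this level" */

struct conn_state {
    int verify_depth;       /* depth last negotiated on this connection (assumed field) */
};

/* Buggy bookkeeping: a remembered depth of 0 is indistinguishable from
 * "nothing negotiated yet", so the vhost depth is taken as the old value
 * and a per-dir depth of 0 looks like a reduction on every request. */
bool renegotiate_buggy(struct conn_state *c, int vhost_depth, int dir_depth)
{
    int old  = c->verify_depth ? c->verify_depth : vhost_depth;
    int want = (dir_depth != UNSET) ? dir_depth : vhost_depth;
    c->verify_depth = want;             /* 0 is stored, misread as unset next time */
    return want < old;                  /* "Reduced client verification depth" */
}

/* Fixed bookkeeping: test against the UNSET sentinel instead of zero, so a
 * cached depth of 0 is honoured and later requests see no reduction. */
bool renegotiate_fixed(struct conn_state *c, int vhost_depth, int dir_depth)
{
    int old  = (c->verify_depth != UNSET) ? c->verify_depth : vhost_depth;
    int want = (dir_depth != UNSET) ? dir_depth : vhost_depth;
    c->verify_depth = want;
    return want < old;
}

/* Constructed request sequence from the report: one hit on "/" (no per-dir
 * depth), then four hits on /authentication/ with "SSLVerifyDepth 0".
 * Returns how many of those requests would trigger a renegotiation. */
int count_renegotiations(bool (*decide)(struct conn_state *, int, int),
                         int initial_depth)
{
    const int vhost_depth = 1;                  /* assumed vhost-level depth */
    const int dir_depth[] = { UNSET, 0, 0, 0, 0 };
    struct conn_state c = { initial_depth };
    int n = 0;
    for (size_t i = 0; i < sizeof dir_depth / sizeof dir_depth[0]; i++)
        if (decide(&c, vhost_depth, dir_depth[i]))
            n++;
    return n;
}

int main(void)
{   /* a zeroed connection for the buggy path, UNSET for the fixed one */
    printf("buggy: %d renegotiations\n", count_renegotiations(renegotiate_buggy, 0));
    printf("fixed: %d renegotiations\n", count_renegotiations(renegotiate_fixed, UNSET));
    return 0;
}
```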
I confirm that using the following configuration works around the problem:

    <VirtualHost *:443>
      SSLEngine On
      SSLCertificateFile "${path}/apache/conf/authentication.cer"
      SSLCertificateKeyFile "${path}/apache/conf/authentication.key"
      SSLVerifyDepth 0
      <Location /authentication/>
        SSLVerifyClient optional_no_ca
      </Location>
      DocumentRoot "${path}/www"
    </VirtualHost>

Unfortunately, the source of the problem is far from obvious, so I think the workaround is not enough.
That said, this modification does not fix the other problem with mod_autoindex that Torsten Foertsch signaled. It somehow does significantly reduce the number of renegotiations: I get only 2 renegotiations whilst there must have been around 10 before (with 10 files and SSLVerifyDepth 0 within the directory context). I opened bug 48228 for this issue.
Yup, I suggest a workaround because I don't (yet) have a patch - it's clearly a bug which can and should be fixed.
Created attachment 24583 [details]
Proposed fix

(In reply to comment #5)
> it's clearly a bug which can and should be fixed.

I guess I inadvertently introduced this bug when adding support for handling SNI configurations. The attached patch should address this issue, I believe.

BTW, note that when I was testing a similar configuration with OpenSSL 1.0.0-beta4 and a checkout of OpenSSL_0_9_8-stable, I noticed that these two OpenSSL checkins:

http://cvs.openssl.org/chngview?cn=18318
http://cvs.openssl.org/chngview?cn=18320

actually necessitate a backport of either r787722 or r788715, otherwise the renegotiation will stall. I would recommend to include these with 2.2.15.
Thanks Kaspar! So that OpenSSL change is effectively breaking backwards compat? What a PITA.
r1137394
fixed in 2.4.1