enterprise-support team mailing list archive

Thread
Date

[Bug 1833896] [NEW] Ubuntu 18.04: slow page loads with client cert auth after upgrade to openssl 1.1.1

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1833896@xxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Jun 2019 05:51:49 -0000
Reply-to: Bug 1833896 <1833896@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

After upgrade to openssl 1.1.1 on Ubuntu 18.04 i encountered slow page
loads (>15 sec delay for each GET) when client cert auth is used.

Apache logs show delays like this (LogLevel debug):

[Fri Jun 21 11:36:13.760861 2019] [socache_shmcb:debug] [pid 14032] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Fri Jun 21 11:36:30.229486 2019] [authz_core:debug] [pid 14032] mod_authz_core.c(835): [client XXX.XXX.XXX.XXX:XXXX] AH01628: authorization result: granted (no directives)

This appears to be a problem in apache that has been triggered with
Openssl 1.1.1 and was fixed in 2.4.34, see

https://bz.apache.org/bugzilla/show_bug.cgi?id=62691

The workaround mentioned there worked for me, so after moving the
"SSLVerifyClient require" part out of an LocationMatch block into the
containing VirtualHost stopped the delays instantly.


Thanks a lot!
Andreas


Ubuntu 18.04
apache2 2.4.29-1ubuntu4.6
openssl 1.1.1-1ubuntu2.1~18.04.3

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Ubuntu 18.04: slow page loads with client cert auth after upgrade to openssl 1.1.1
https://bugs.launchpad.net/bugs/1833896
You received this bug notification because you are a member of Ubuntu Server/Client Support Team, which is subscribed to apache2 in Ubuntu.