Apache :: Bug with SSL on mod_http2 1.8.3 & nghttp2 1.17.0

Izomye · Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest

Hello Dear,

i have found the following on my system

Version: Apache 2.4.23
OS: Windows Server 2008 R"
Mod: mod_http2 1.8.3 & nghttp2 1.17.0 VC14

If i used mod_http2 1.8.3 & nghttp2 1.17.0 with a SSL Certificate from Let´s Encrypt and activated OCSP Stapling on the Apache, then is create the Browser on a connect to the website "Secured Session is reset on Server" and you see not more.If the side reloaded more and more, then see you the side. Any refresh later, the problem is the same!

The joke of this. Apache create not an error or other one in the log!

With an older Version of this mod is all ok. If the certificate from an other institute (Example StartSSL), all fine.

Have anyone an idea?

Sorry for my bad einglisch Sad

icing · Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany

Izomye,

thanks for you report. Sorry that you have troubles with the lastest module. I run it with lets encrypt and ocsp myself on https://www.greenbytes.de and had no problems so far.

Can you increase log levels on http2 and ssl to get more information what is going on? Interesting would be:

LogLevel http2:trace2
LogLevel ssl:trace2

and log a failed connection attempt. The log you can mail to me at icing at apache.org to not disclose sensitive data.

It would also be nice if you could open a ticket at github for this. That makes it more visible for everyone. Thanks!

-Stefan

Steffen

You say: With an older Version of this mod is all ok

Was this test on the same server,
and which version mod_http and mod_http2 & nghttp2,
and which browser ?

Izomye · Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest

With the Version of mod_http2 1.8.0 and nghttp2 1.16.1 was it currently ok.

The test was on the same server and with Mozilla Firefox 50. Vivaldi 1.5 redirect to the standard page of the server, if the get the problem. (is selected from me. I hosting different website per SNI).

I will be check the server again with the loglevels from icing and create a ticket on github with the logs. Is it ok icing?

I will delete sensitive data on the log Smile

. Thanks for your fast help. I will need a while for the logs.

icing · Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany

Yes, excellent. Awaiting your data.

icing · Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany

Have not seen anything from you. Did I miss something?

nono303 · Joined: 20 Dec 2016 Posts: 205 Location: Lille, FR, EU

Hi all,

I also have trouble with upgrading mod_http2 (nghttp2 to 1.17.0 from 1.12.0) when upgrading Apache 2.4.23 to 2.4.25
I've described the issue here https://www.apachehaus.com/forum/index.php?topic=1398.0

It does not appear to be linked with certificat or OSCP but with 'Options +Indexes' directive on Location and http2...

If anybody could understand why Apache reset the CNX according to log below.

Thanks in advance!

Regards,

Arnaud

Logs moved to http://apaste.info/gGCdL

icing · Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany

Can you open a ticket at mod-h2 github or apache bugzilla for this and attach a sample configuration with which you can reproduce the error?

This looks like a weird interference of things...

nono303 · Joined: 20 Dec 2016 Posts: 205 Location: Lille, FR, EU

Here is https://github.com/icing/mod_h2/issues/126

Izomye · Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest

It´s very interesting. Since the update of Version 2.4.25 is my problem solved with OCSP Stapling on yesterday.

But, thanks that you create the ticket on github Smile

.

@Icing. Sorry for my late posting. I have not missing you, i have no time at the moment to create a good log with the problem Sad

.