logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Bug with SSL on mod_http2 1.8.3 & nghttp2 1.17.0

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

PostPosted: Thu 15 Dec '16 22:53    Post subject: Bug with SSL on mod_http2 1.8.3 & nghttp2 1.17.0 Reply with quote

Hello Dear,

i have found the following on my system

Version: Apache 2.4.23
OS: Windows Server 2008 R"
Mod: mod_http2 1.8.3 & nghttp2 1.17.0 VC14

If i used mod_http2 1.8.3 & nghttp2 1.17.0 with a SSL Certificate from Let´s Encrypt and activated OCSP Stapling on the Apache, then is create the Browser on a connect to the website "Secured Session is reset on Server" and you see not more.If the side reloaded more and more, then see you the side. Any refresh later, the problem is the same!

The joke of this. Apache create not an error or other one in the log!

With an older Version of this mod is all ok. If the certificate from an other institute (Example StartSSL), all fine.


Have anyone an idea?

Sorry for my bad einglisch Sad
Back to top
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

PostPosted: Fri 16 Dec '16 11:31    Post subject: Reply with quote

Izomye,

thanks for you report. Sorry that you have troubles with the lastest module. I run it with lets encrypt and ocsp myself on https://www.greenbytes.de and had no problems so far.

Can you increase log levels on http2 and ssl to get more information what is going on? Interesting would be:

LogLevel http2:trace2
LogLevel ssl:trace2

and log a failed connection attempt. The log you can mail to me at icing at apache.org to not disclose sensitive data.

It would also be nice if you could open a ticket at github for this. That makes it more visible for everyone. Thanks!

-Stefan
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2749
Location: Hilversum, NL, EU

PostPosted: Fri 16 Dec '16 11:56    Post subject: Reply with quote

You say: With an older Version of this mod is all ok

Was this test on the same server,
and which version mod_http and mod_http2 & nghttp2,
and which browser ?
Back to top
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

PostPosted: Fri 16 Dec '16 12:51    Post subject: Reply with quote

With the Version of mod_http2 1.8.0 and nghttp2 1.16.1 was it currently ok.

The test was on the same server and with Mozilla Firefox 50. Vivaldi 1.5 redirect to the standard page of the server, if the get the problem. (is selected from me. I hosting different website per SNI).

I will be check the server again with the loglevels from icing and create a ticket on github with the logs. Is it ok icing?

I will delete sensitive data on the log Smile. Thanks for your fast help. I will need a while for the logs.
Back to top
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

PostPosted: Fri 16 Dec '16 12:59    Post subject: Reply with quote

Yes, excellent. Awaiting your data.
Back to top
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

PostPosted: Mon 19 Dec '16 11:15    Post subject: Reply with quote

Have not seen anything from you. Did I miss something?
Back to top
nono303



Joined: 20 Dec 2016
Posts: 86
Location: France, Lille

PostPosted: Tue 20 Dec '16 18:40    Post subject: Reply with quote

Hi all,

I also have trouble with upgrading mod_http2 (nghttp2 to 1.17.0 from 1.12.0) when upgrading Apache 2.4.23 to 2.4.25
I've described the issue here https://www.apachehaus.com/forum/index.php?topic=1398.0

It does not appear to be linked with certificat or OSCP but with 'Options +Indexes' directive on Location and http2...

If anybody could understand why Apache reset the CNX according to log below.

Thanks in advance!

Regards,

Arnaud

Logs moved to http://apaste.info/gGCdL


Last edited by nono303 on Wed 21 Dec '16 11:41; edited 1 time in total
Back to top
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

PostPosted: Tue 20 Dec '16 19:08    Post subject: Reply with quote

Can you open a ticket at mod-h2 github or apache bugzilla for this and attach a sample configuration with which you can reproduce the error?

This looks like a weird interference of things...
Back to top
nono303



Joined: 20 Dec 2016
Posts: 86
Location: France, Lille

PostPosted: Wed 21 Dec '16 11:02    Post subject: Reply with quote

Here is https://github.com/icing/mod_h2/issues/126
Back to top
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

PostPosted: Wed 21 Dec '16 17:51    Post subject: Reply with quote

It´s very interesting. Since the update of Version 2.4.25 is my problem solved with OCSP Stapling on yesterday.

But, thanks that you create the ticket on github Smile.

@Icing. Sorry for my late posting. I have not missing you, i have no time at the moment to create a good log with the problem Sad.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1