Ubuntu 18.04.4 LTS, after update from apache 2.4.29-1ubuntu4.11 to apache 2.4.29-1ubuntu4.12 authentication with client certificate stopped working. No certificate is requested from client browser and apahce log has error:
[Tue Mar 03 16:03:34.964389 2020] [ssl:debug] [pid 12384:tid 139853354215168] ssl_engine_kernel.c(2217): AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_256_GCM_SHA384 (256/256 bits)
[Tue Mar 03 16:03:36.499614 2020] [ssl:debug] [pid 12383:tid 139853481088768] ssl_engine_io.c(1106): AH02001: Connection closed to child 1 with standard shutdown
[Tue Mar 03 16:03:37.714744 2020] [ssl:debug] [pid 12384:tid 139853481088768] ssl_engine_kernel.c(383): AH02034: Initial (No.1) HTTPS request received for child 65 (server devel.liisi.ee:443), referer: https://devel.liisi.ee:8950/accounts/login/
[Tue Mar 03 16:03:37.714941 2020] [ssl:error] [pid 12384:tid 139853481088768] AH: verify client post handshake, referer: https://devel.liisi.ee:8950/accounts/login/
A temporary workaround is to disable the whole TLSv1.3 protocol in the vhost configuration.
Ubuntu 18.04.4 LTS, after update from apache 2.4.29-1ubuntu4.11 to apache 2.4.29-1ubuntu4.12 authentication with client certificate stopped working. No certificate is requested from client browser and apahce log has error:
[Tue Mar 03 16:03:34.964389 2020] [ssl:debug] [pid 12384:tid 139853354215168] ssl_engine_ kernel. c(2217) : AH02041: Protocol: TLSv1.3, Cipher: TLS_AES_ 256_GCM_ SHA384 (256/256 bits) io.c(1106) : AH02001: Connection closed to child 1 with standard shutdown kernel. c(383): AH02034: Initial (No.1) HTTPS request received for child 65 (server devel.liisi. ee:443) , referer: https:/ /devel. liisi.ee: 8950/accounts/ login/ /devel. liisi.ee: 8950/accounts/ login/
[Tue Mar 03 16:03:36.499614 2020] [ssl:debug] [pid 12383:tid 139853481088768] ssl_engine_
[Tue Mar 03 16:03:37.714744 2020] [ssl:debug] [pid 12384:tid 139853481088768] ssl_engine_
[Tue Mar 03 16:03:37.714941 2020] [ssl:error] [pid 12384:tid 139853481088768] AH: verify client post handshake, referer: https:/
A temporary workaround is to disable the whole TLSv1.3 protocol in the vhost configuration.