Bug 235020 - www/apache24: patch to prevent lockup with TLS 1.3 (PATCH)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-apache (Nobody)
Reported: 2019-01-17 10:01 UTC by Ollivier Robert
Modified: 2019-01-24 08:19 UTC

bugzilla: maintainer-feedback? (apache)


Attachments
patch to ssl module. (1.18 KB, patch)
2019-01-17 10:01 UTC, Ollivier Robert

Description Ollivier Robert freebsd_committer freebsd_triage 2019-01-17 10:01:44 UTC
Created attachment 201206
patch to ssl module.

There is an upstream patch for the SSL module in Apache 2.4 to prevent lockups when using TLS v1.3 and OpenSSL 1.1.1a.  It will be incorporated in the next 2.4 release but it would be nice to include the patch in the meantime.

cf. https://bz.apache.org/bugzilla/show_bug.cgi?id=63052

(I have confirmation the patch works)
Comment 1 Jochen Neumeister freebsd_committer freebsd_triage 2019-01-24 08:19:03 UTC
Hi :-)

This was fixed in r491041

Changelog:
[..]
    *) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
       PR 63052 [Joe Orton]