Bug 62975 - TLS 1.3: cannot perform post-handshake authentication
Summary: TLS 1.3: cannot perform post-handshake authentication
Status: RESOLVED INVALID
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.4.37
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-12-03 17:53 UTC by Craig
Modified: 2018-12-04 18:36 UTC
Description Craig 2018-12-03 17:53:39 UTC
When using OpenSSL 1.1.1 with Apache 2.4.37, client authentication fails with these messages logged:

[Tue Nov 20 13:20:57.718509 2018] [ssl:error] [pid 8117] [client x.x.x.x:35692] AH: verify client post handshake
[Tue Nov 20 13:20:57.718565 2018] [ssl:error] [pid 8117] [client x.x.x.x:35692] AH10158: cannot perform post-handshake authentication
[Tue Nov 20 13:20:57.718591 2018] [ssl:error] [pid 8117] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received

This problem does not occur if:
* OpenSSL 1.0.x is used
* TLS 1.3 is explicitly disabled using the "SSLProtocol TLSv1.2" directive
* "SSLVerifyClient require" is moved out of a Location/Directory block and placed directly in a VirtualHost section

Here's the vhost configuration I'm using:
SSLCACertificateFile /etc/ssl/DoD_CAs.pem
SSLOCSPEnable on
<Directory /var/www/localhost/htdocs/cac>
        SSLOptions +StrictRequire
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth  10
        SSLOptions +FakeBasicAuth
</Directory>

The browser used is Firefox 63.0.3.

This issue was also reported at:
* https://bugzilla.redhat.com/show_bug.cgi?id=1651623
* https://stackoverflow.com/questions/53062504/apache-2-4-37-with-openssl-1-1-1-cannot-perform-post-handshake-authentication

Thanks!
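Added for readers of this report (it is not the reporter's configuration and not anything shipped by the httpd project): the per-directory layout that produces AH10158 under TLS 1.3, next to the two arrangements the report says avoid it. The CA bundle and directory paths are the ones from the report; the ServerName, the server certificate and key paths are placeholders. The three VirtualHost blocks are alternatives for the same name and port, not meant to be loaded together.

```apache
# Added example, not the reporter's own config. cac.example.org and
# /etc/ssl/server.{crt,key} are assumed placeholders.

# 1. Layout from the report. The <Directory> match happens after the TLS
#    handshake has finished, so under TLS 1.3 mod_ssl can only ask for the
#    client certificate via post-handshake authentication (PHA), which works
#    only if the client sent the post_handshake_auth extension in its
#    ClientHello. A client that did not sends mod_ssl into AH10158 /
#    "extension not received".
<VirtualHost *:443>
    ServerName cac.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/server.key
    SSLCACertificateFile  /etc/ssl/DoD_CAs.pem
    SSLOCSPEnable on

    <Directory /var/www/localhost/htdocs/cac>
        SSLOptions +StrictRequire
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth  10
        SSLOptions +FakeBasicAuth
    </Directory>
</VirtualHost>

# 2a. First workaround from the report: keep the per-directory requirement
#     but pin the vhost to TLS 1.2, where mod_ssl obtains the certificate by
#     renegotiating after the request is routed. The cost is losing TLS 1.3
#     for every client of this vhost, not just for /cac.
<VirtualHost *:443>
    ServerName cac.example.org
    SSLEngine on
    SSLProtocol TLSv1.2
    SSLCertificateFile    /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/server.key
    SSLCACertificateFile  /etc/ssl/DoD_CAs.pem
    SSLOCSPEnable on

    <Directory /var/www/localhost/htdocs/cac>
        SSLOptions +StrictRequire
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth  10
        SSLOptions +FakeBasicAuth
    </Directory>
</VirtualHost>

# 2b. Second workaround from the report: require the certificate at vhost
#     level, so it is requested in the initial handshake and no PHA or
#     renegotiation is needed; TLS 1.3 keeps working. The scope changes:
#     every request to this vhost now needs a valid client certificate, so
#     serve anything that must stay reachable without one from a separate
#     name or port.
<VirtualHost *:443>
    ServerName cac.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/server.key
    SSLCACertificateFile  /etc/ssl/DoD_CAs.pem
    SSLOCSPEnable on
    SSLVerifyClient require
    SSLVerifyDepth  10
    SSLOptions +StrictRequire +FakeBasicAuth
</VirtualHost>
```

To confirm that the first layout itself is fine and only the client side lacks PHA, connect with a client stack that does advertise the extension: OpenSSL 1.1.1's `openssl s_client -connect cac.example.org:443 -cert client.pem -key client.key -enable_pha` sends post_handshake_auth, and a hand-typed `GET /cac/ HTTP/1.0` over that session should be answered where the browser request is refused with AH10158.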
Comment 1 Joe Orton 2018-12-04 10:13:50 UTC
Not sure how what I said in the Fedora bug was unclear -- this is a bug in Firefox, it needs to support TLSv1.3 Post-Handshake Authentication.  There isn't a mod_ssl problem here, mod_ssl is reporting that Firefox doesn't support PHA.
Comment 2 Jens Lauterbach 2018-12-04 17:55:25 UTC
(In reply to Joe Orton from comment #1)
> Not sure how what I said in the Fedora bug was unclear -- this is a bug in
> Firefox, it needs to support TLSv1.3 Post-Handshake Authentication.  There
> isn't a mod_ssl problem here, mod_ssl is reporting that Firefox doesn't
> support PHA.

The same problem is also visible with Chrome on Android and Linux environments.
Comment 3 Craig 2018-12-04 18:36:21 UTC
(In reply to Jens Lauterbach from comment #2)
> (In reply to Joe Orton from comment #1)
> > Not sure how what I said in the Fedora bug was unclear -- this is a bug in
> > Firefox, it needs to support TLSv1.3 Post-Handshake Authentication.  There
> > isn't a mod_ssl problem here, mod_ssl is reporting that Firefox doesn't
> > support PHA.
> 
> The same problem is also visible with Chrome in Android and Linux
> Environment.

Reported to Chrome/Chromium at https://bugs.chromium.org/p/chromium/issues/detail?id=911653