Bug#880565: apache2: when SSLSessionTicketKeyFile is set then TLS Session ticket will be empty

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#880565: apache2: when SSLSessionTicketKeyFile is set then TLS Session ticket will be empty
From: Jozsef Szilagyi <szjozsef@yahoo.com>
Date: Thu, 02 Nov 2017 14:15:51 +0200
Message-id: <[🔎] 150962495127.11609.692719532053125517.reportbug@w2.generalmagic.com>
Reply-to: Jozsef Szilagyi <szjozsef@yahoo.com>, 880565@bugs.debian.org

Package: apache2
Version: 2.4.25-3+deb9u3
Severity: normal

Dear Maintainer,

the SSLSessionTicketKeyFile to a shared memory stored file syncronized between multiple server in order to permit
TLS session reuse between servers via session tickets, this configuration is worked fine in Jessie and also the same configuration is working on Buster
with all the logs activated apache says in the virtual hosts error.log that : AH02288: TLS session ticket key for ... successfully loaded from /dev/shm/...

If SSLSessionTicketKeyFile is not configured then the TLS session reuse via session tickets is working but that way is not possible
to syncronize the key used between servers

I would expect that this configurations is working also in Stretch.

-- Package-specific info:

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin          2.4.25-3+deb9u3
ii  apache2-data         2.4.25-3+deb9u3
ii  apache2-utils        2.4.25-3+deb9u3
ii  dpkg                 1.18.24
ii  init-system-helpers  1.48
ii  lsb-base             9.20161125
ii  mime-support         3.60
ii  perl                 5.24.1-3+deb9u2
ii  procps               2:3.3.12-3

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.39

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  lynx [www-browser]                               2.8.9dev11-1

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.2-5
ii  libaprutil1              1.5.4-3
ii  libaprutil1-dbd-sqlite3  1.5.4-3
ii  libaprutil1-ldap         1.5.4-3
ii  libc6                    2.24-11+deb9u1
ii  libldap-2.4-2            2.4.44+dfsg-5+deb9u1
ii  liblua5.2-0              5.2.4-1.1+b2
ii  libnghttp2-14            1.18.1-1
ii  libpcre3                 2:8.39-3
ii  libssl1.0.2              1.0.2l-2
ii  libxml2                  2.9.4+dfsg1-2.2+deb9u1
ii  perl                     5.24.1-3+deb9u2
ii  zlib1g                   1:1.2.8.dfsg-5

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
ii  lynx [www-browser]                               2.8.9dev11-1

Versions of packages apache2 is related to:
ii  apache2      2.4.25-3+deb9u3
ii  apache2-bin  2.4.25-3+deb9u3

-- Configuration Files:
/etc/logrotate.d/apache2 changed [not included]

-- no debconf information

Reply to:

Prev by Date: Bug#880195: apache2: Trying to use ws:// in proxy results in "No protocol handler was valid for the URL /ws .... "
Next by Date: Wheezy update of apr and apr-util?
Previous by thread: Bug#880195: apache2: Trying to use ws:// in proxy results in "No protocol handler was valid for the URL /ws .... "
Next by thread: Wheezy update of apr and apr-util?
Index(es):
- Date
- Thread