Apache2 & OpenSSL conflict

[mav2287 (James)]

When using "apache2 @2.4.48_0+preforkmpm" with 'mod_ssl.so' enabled and "openssl @1.1.1l_0" apache will crash on startup. Unfortunately the way apache crashes is pretty silent even with it set to debug level logging I couldn't find anything in the error_log that would hint at why it is happening. It wasn't till I realized that OS X was creating a crash report for apache that I was able to diagnose what was happening. Below is the error log output for apache and I attached the crash report. The only way I was able to get apache working again was to roll back to "openssl @1.1.1k_0" which appears to be the last version of OpenSSL that is working correctly.

[Mon Aug 30 21:59:50.445393 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(428): AH00822: for 511912 bytes (512000 including header), recommending 32 subcaches, 88 indexes each
[Mon Aug 30 21:59:50.445398 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(465): AH00824: shmcb_init_memory choices follow
[Mon Aug 30 21:59:50.445402 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(467): AH00825: subcache_num = 32
[Mon Aug 30 21:59:50.445406 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(469): AH00826: subcache_size = 15992
[Mon Aug 30 21:59:50.445410 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(471): AH00827: subcache_data_offset = 2128
[Mon Aug 30 21:59:50.445414 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(473): AH00828: subcache_data_size = 13864
[Mon Aug 30 21:59:50.445418 2021] [socache_shmcb:debug] [pid 1768] mod_socache_shmcb.c(475): AH00829: index_num = 88
[Mon Aug 30 21:59:50.445481 2021] [socache_shmcb:info] [pid 1768] AH00830: Shared memory socache initialised
[Mon Aug 30 21:59:50.445488 2021] [ssl:info] [pid 1768] AH01887: Init: Initializing (virtual) servers for SSL
[Mon Aug 30 21:59:50.445496 2021] [ssl:info] [pid 1768] AH01914: Configuring server bam-xserve.private:443 for SSL protocol

[ryandesign (Ryan Carsten Schmidt)]

Sounds like you should report that to the developers of apache2 and/or openssl. I wouldn't know what to do about it.

[mav2287 (James)]

I can report it to the apache2 project. I don't have a newer machine to test on, but might be worth checking to see if it is present on new macOS versions.

[snowflake (Dave Evans)]

Replying to mav2287:

I have the exact same macOS as James, and the same versions of openssl and apache2. Just loading mod_ssl does not seem to be enough to reproduce the crash. I do not have any other ssl directives.

There is also an openssh / openssl bug reported by me, which only happens on 10.11.6. and not on Big Sur. #63405 There is something odd about this version of openssl.

[mav2287 (James)]

Interesting to hear that mod_ssl doesn't crash your version of apache. For me even with the ssl directive include file commented out just including the mod_ssl module in my httpd.conf was enough to stop apache from starting.

Any idea what could be going on under the hood? Also, has a ticket been submitted to the OpenSSL project?

[mav2287 (James)]

Looks like this is still and issue with Openssl 3. The only way to keep things working was to grab an old mod_ssl.so file and to set the current openssl for the system to openssl @1.1.1k_0. I have dropped a bug report at the apache project. Hopefully a resolution comes from there: ​https://bz.apache.org/bugzilla/show_bug.cgi?id=65682

[mav2287 (James)]

After doing some more digging after patching apache. I noticed that if I used curl from within PHP it would tank the connection and crash apache as well. I am starting to suspect that openssl 1.1.1l may have introduced something that doesn't play nice with OS X 10.11. That would explain why both apache and curl are causing crashes. Not sure who maintains OpenSSL, but may be something for them to look at.