Apache segmentation fault when using Chacha20-Poly1305

Asked by Jani Pewter on 2018-02-22

When Apache has SSLCipherSuites configured as follows:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384

Apache is constantly experiencing segmentation faults when clients which select Chacha20-Poly1305 (which is basically all of them except Apple devices when it is prioritised first) are trying to download data. HTML pages seem to load fine but when certain files (so far I have found out .jpg, .gif and .zip) are loaded the browser shows "empty response" error. Apache error log is filled with these lines:

[Thu Feb 22 02:56:10.441107 2018] [core:notice] [pid 3045] AH00051: child pid 3051 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:10.441150 2018] [core:notice] [pid 3045] AH00051: child pid 3113 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:11.447224 2018] [core:notice] [pid 3045] AH00051: child pid 3049 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:11.447475 2018] [core:notice] [pid 3045] AH00051: child pid 3111 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:12.452513 2018] [core:notice] [pid 3045] AH00051: child pid 3088 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:12.452717 2018] [core:notice] [pid 3045] AH00051: child pid 3112 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:14.467912 2018] [core:notice] [pid 3045] AH00051: child pid 3089 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:14.468189 2018] [core:notice] [pid 3045] AH00051: child pid 3173 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:23.487238 2018] [core:notice] [pid 3045] AH00051: child pid 3174 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:23.487447 2018] [core:notice] [pid 3045] AH00051: child pid 3176 exit signal Segmentation fault (11), possible coredump in /etc/apache2
[Thu Feb 22 02:56:23.487499 2018] [core:notice] [pid 3045] AH00051: child pid 3178 exit signal Segmentation fault (11), possible coredump in /etc/apache2

If we move another ciper suite to first priority, for example AES-256-GCM, the problem ceases as all clients (except some very old Android devices) will select this cipher by default.

Setup info:
Ubuntu server 16.04.3 in VMware virtual machine
LAMP stack selected during OS install, all packages up to date
Chacha20-Poly1305 supported added from PPA: https://launchpad.net/~linux1488/+archive/ubuntu/openssl-chacha20poly1305

I have done 3 clean installs in the last 2 days and can reproduce this every time. I have been using Chacha20-Poly1305 as the first priority cipher for a long time until now with no problem as my VMware host does not have a CPU with AES-NI and ChaCha20 is much faster than AES-256. I only started experiencing this problem this week.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu apache2 Edit question
Assignee:
No assignee Edit question
Last query:
2018-02-22
Last reply:
2018-02-22

I suggest you contact the PPA maintenaner.

Can you help with this problem?

Provide an answer of your own, or ask Jani Pewter for more information if necessary.

To post a message you must log in.