Comment 13 for bug 1833896

I'm seeing this problem on my production environment. I'm dependent on TLS renegotiation. Downgrading OpenSSL to 1.1.0 solves the problem. Upgrading both OpenSSL to 1.1.1 and Apache to 2.4.39 and disabling TLSv1.3 solves it too.

I'm using mod_reqtimeout to let users authenticate with client certificates stored in slower smart cards.

I'm using this mod_reqtimeout configuration:

RequestReadTimeout header=10 body=30

I'm seeing that the wait between the client certificate selection and the authentication takes effect, is equal to the body timeout setting.

Hope it helps throwing some light at the issue.