Comment 21 for bug 1836329

Christian Ehrhardt  (paelzer) wrote :

Disable:
#HSTS Header
Header always set Strict-Transport-Security: "max-age=63072000; includeSubDomains; preload"
=> Still triggering ...

Disable:
#Enable http2
Protocols h2 http/1.1
# AND
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
=> Still triggering ...

Disable (in mod and site config):
SSLSessionTickets off
SSLOpenSSLConfCmd Options +PrioritizeChaCha
=> Still triggering ...

Disable (in mod and site config):
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!DSS
SSLOpenSSLConfCmd Curves X448:X25519:P-256:P-384
SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparam.pem"
=> Still triggering ...

This matches my comment #2 config now.
So the flaky part was the one time it worked fine on the initial run?

Retrying two more times ...
Yeah base config still triggers the issue ...
So, other than first assumed, it was either
a) not the config
OR
b) we needed to run multiple tests to enter some bad state (but apache restarts in between)

In any of the above cases, @andreas you can use the system to test any builds that you have.
Just take a potential pass with a grain of salt and rerun it a few times.
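The two things the comment above does by hand, commenting out one group of TLS directives at a time and then repeating the check several times so a single pass is not mistaken for a fix, can be scripted. The helpers below are an added example and are not code from the bug report or from the apache2 package; they assume GNU/POSIX sed and grep are available, that each directive to disable starts its own line in the site or mod config, and that the check to repeat is any command whose exit status signals pass or fail (the actual reproducer used in this bug is not on the page, so it is passed in as an argument).

```shell
#!/bin/sh
# Added example (not from the bug report): helpers for bisecting an Apache TLS
# config and for re-running a flaky check enough times to trust the result.

# disable_directives FILE DIRECTIVE...
# Comments out every line in FILE that starts with one of the given directive
# names (leading whitespace allowed), e.g. SSLUseStapling or SSLSessionTickets.
# Lines that are already comments, or other directives, are left untouched.
disable_directives() {
    file=$1
    shift
    for d in "$@"; do
        # Match "<indent><Directive><space>" and insert a '#' before the directive.
        sed "s/^\([[:space:]]*\)\($d[[:space:]]\)/\1#\2/" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    done
}

# repeat_check N CMD [ARGS...]
# Runs CMD N times, prints the number of failing runs, and returns 0 only when
# every run passed. One green run out of several is what the comment warns
# about, so the failure count is the value to look at, not the first result.
repeat_check() {
    n=$1
    shift
    fails=0
    i=0
    while [ "$i" -lt "$n" ]; do
        i=$((i + 1))
        if ! "$@" >/dev/null 2>&1; then
            fails=$((fails + 1))
        fi
    done
    echo "$fails"
    [ "$fails" -eq 0 ]
}

# Usage sketch (assumed paths, hypothetical check command):
#   disable_directives /etc/apache2/sites-enabled/default-ssl.conf \
#       SSLUseStapling SSLStaplingResponderTimeout SSLStaplingReturnResponderErrors SSLStaplingCache
#   systemctl restart apache2
#   repeat_check 5 ./reproducer.sh   # prints failure count; non-zero => still triggering
```

Disable one group per iteration, restart apache2, and run the check several times before moving on; a group is only cleared when the failure count stays at zero across all runs.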