GnuTLS after many apache reloads #3590

Description

@Nachtlichtermeer

Describe the bug

After 1000-2000 reloads of apache2, "Error in GnuTLS initialization: Failed to acquire random data." is logged in error.log of apache multiple times per reload.
These messages are gone after restarting apache.
It doesn't matter which ModSec rules are loaded.
It also happens with only 'SecRuleEngine On' in security.conf of apache.

Logs and dumps

Output of the apache debug log during graceful-stop:
[Mon Jun 29 13:12:31.159434 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(508): AH00831: socache_shmcb_store (0x8f -> subcache 15)
[Mon Jun 29 13:12:31.159461 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(862): AH00847: insert happened at idx=7, data=(1480:1512)
[Mon Jun 29 13:12:31.159470 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(865): AH00848: finished insert, subcache: idx_pos/idx_used=0/8, data_pos/data_used=0/1696
[Mon Jun 29 13:12:31.159478 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(530): AH00834: leaving socache_shmcb_store successfully
[Mon Jun 29 13:12:31.159567 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(508): AH00831: socache_shmcb_store (0x60 -> subcache 0)
[Mon Jun 29 13:12:31.159584 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(862): AH00847: insert happened at idx=5, data=(1073:1105)
[Mon Jun 29 13:12:31.159592 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(865): AH00848: finished insert, subcache: idx_pos/idx_used=0/6, data_pos/data_used=0/1288
[Mon Jun 29 13:12:31.159599 2026] [socache_shmcb:debug] [pid 3401527:tid 130072874837696] mod_socache_shmcb.c(530): AH00834: leaving socache_shmcb_store successfully
[Mon Jun 29 13:12:31.208061 2026] [ssl:debug] [pid 3401527:tid 130072874837696] ssl_engine_kernel.c(254): [client 172.19.0.7:65492] AH02034: Initial (No.1) HTTPS request received for child 8 (server cloud.intecsoft.de:443)
[Mon Jun 29 13:12:31.208117 2026] [authz_core:debug] [pid 3401527:tid 130072874837696] mod_authz_core.c(843): [client 172.19.0.7:65492] AH01628: authorization result: granted (no directives)
[Mon Jun 29 13:12:31.210934 2026] [proxy:debug] [pid 3401527:tid 130072874837696] mod_proxy.c(1521): [client 172.19.0.7:65492] AH01143: Running scheme https handler (attempt 0)
==> /var/log/apache2/error.log <==
[Mon Jun 29 13:12:31.541294 2026] [mpm_event:debug] [pid 3401464:tid 130073534265216] event.c(575): wake up listener
[Mon Jun 29 13:12:31.541323 2026] [core:info] [pid 4187255:tid 130073534265216] AH00096: removed PID file /var/run/apache2/apache2.pid (pid=4187255)
[Mon Jun 29 13:12:31.541354 2026] [mpm_event:notice] [pid 4187255:tid 130073534265216] AH00492: caught SIGWINCH, shutting down gracefully
[Mon Jun 29 13:12:31.542516 2026] [mpm_event:debug] [pid 3401527:tid 130073534265216] event.c(575): wake up listener
[Mon Jun 29 13:12:31.543106 2026] [mpm_event:debug] [pid 3401773:tid 130073534265216] event.c(575): wake up listener
[Mon Jun 29 13:12:31.543153 2026] [mpm_event:debug] [pid 3401658:tid 130073534265216] event.c(575): wake up listener
==> /var/www/cloud.intecsoft.de/logs/error.log <==
[Mon Jun 29 13:12:31.556155 2026] [ssl:debug] [pid 3401527:tid 130072639841984] ssl_engine_io.c(1147): [client 172.19.0.7:65492] AH02001: Connection closed to child 36 with standard shutdown (server cloud.intecsoft.de:443)
[Mon Jun 29 13:12:31.557177 2026] [ssl:debug] [pid 3401527:tid 130073013057216] ssl_engine_io.c(1147): [client 172.19.0.6:54198] AH02001: Connection closed to child 0 with standard shutdown (server cloud.intecsoft.de:443)
==> /var/log/apache2/error.log <==
[Mon Jun 29 13:12:32.542594 2026] [core:notice] [pid 4187255:tid 130073534265216] AH00052: child pid 3401527 exit signal Segmentation fault (11)
[Mon Jun 29 13:12:32.542661 2026] [mpm_event:debug] [pid 4187255:tid 130073534265216] event.c(715): Child 0 stopped: pid 3401527, gen 1368, active 3/10, total 3/6/24, quiescing 1
[Mon Jun 29 13:12:32.542828 2026] [core:notice] [pid 4187255:tid 130073534265216] AH00052: child pid 3401464 exit signal Segmentation fault (11)
[Mon Jun 29 13:12:32.542864 2026] [mpm_event:debug] [pid 4187255:tid 130073534265216] event.c(715): Child 1 stopped: pid 3401464, gen 1368, active 2/10, total 2/6/24, quiescing 1
[Mon Jun 29 13:12:32.543010 2026] [core:notice] [pid 4187255:tid 130073534265216] AH00052: child pid 3401773 exit signal Segmentation fault (11)
[Mon Jun 29 13:12:32.543024 2026] [mpm_event:debug] [pid 4187255:tid 130073534265216] event.c(715): Child 2 stopped: pid 3401773, gen 1368, active 1/10, total 1/6/24, quiescing 1
[Mon Jun 29 13:12:32.543152 2026] [core:notice] [pid 4187255:tid 130073534265216] AH00052: child pid 3401658 exit signal Segmentation fault (11)
[Mon Jun 29 13:12:32.543162 2026] [mpm_event:debug] [pid 4187255:tid 130073534265216] event.c(715): Child 5 stopped: pid 3401658, gen 1368, active 0/10, total 0/6/24, quiescing 1
in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.

To Reproduce
systemctl restart apache2
for i in $(seq 1 10000); do
  echo $i
  systemctl reload apache2 >/dev/null
  # tac reverses the log, so -m 1 -B 1000 selects what was logged after the most recent graceful event
  if tac /var/log/apache2/error.log | grep -E 'Doing graceful restart|Graceful restart requested|shutting down gracefully' -m 1 -B 1000 | grep Err -q; then break; fi
  sleep 0.5
done
date

Expected behavior

These errors shouldn't be logged, or the reason should be clear.

Versions

ii  libapache2-mod-security2              2.9.7-1build3                           amd64        Tighten web applications security for Apache
ii  modsecurity-crs                       3.3.5-2                                 all          OWASP ModSecurity Core Rule Set

with apache 2.4.58 on Ubuntu 24.04
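
A way to triage an error.log for the symptoms reported above, as an added example that is not part of the original issue or of ModSecurity: it counts graceful events, child segfaults (AH00052), GnuTLS initialization failures, and the `gen` values Apache logs for stopped children. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue): summarise an Apache error.log for the
# symptoms reported above. Function names are hypothetical.

# Prints: graceful=<n> segfaults=<n> gnutls_errors=<n> gens=<list>
triage_reload_log() {
  awk '
    /AH00492: caught SIGWINCH|Graceful restart requested/ { graceful++ }
    /AH00052: child pid [0-9]+ exit signal Segmentation fault/ { segv++ }
    # Match without the leading "Error " so a truncated line still counts.
    /in GnuTLS initialization: Failed to acquire random data/ { gnutls++ }
    # "Child N stopped: pid P, gen G, ..." carries the reload generation.
    / stopped: pid [0-9]+, gen [0-9]+/ {
      g = $0
      sub(/.*, gen /, "", g); sub(/,.*/, "", g)
      if (!(g in seen)) { seen[g] = 1; gens = gens (gens == "" ? "" : ",") g }
    }
    END {
      printf "graceful=%d segfaults=%d gnutls_errors=%d gens=%s\n",
             graceful, segv, gnutls, (gens == "" ? "-" : gens)
    }
  ' "$1"
}

# Constructed sample input, modelled on the log lines quoted in the issue.
write_sample_log() {
  cat > "$1" <<'EOF'
[Mon Jun 29 13:12:31.541354 2026] [mpm_event:notice] [pid 100:tid 1] AH00492: caught SIGWINCH, shutting down gracefully
[Mon Jun 29 13:12:32.542594 2026] [core:notice] [pid 100:tid 1] AH00052: child pid 201 exit signal Segmentation fault (11)
[Mon Jun 29 13:12:32.542661 2026] [mpm_event:debug] [pid 100:tid 1] event.c(715): Child 0 stopped: pid 201, gen 1368, active 1/10, total 1/6/24, quiescing 1
[Mon Jun 29 13:12:32.542828 2026] [core:notice] [pid 100:tid 1] AH00052: child pid 202 exit signal Segmentation fault (11)
[Mon Jun 29 13:12:32.542864 2026] [mpm_event:debug] [pid 100:tid 1] event.c(715): Child 1 stopped: pid 202, gen 1368, active 0/10, total 0/6/24, quiescing 1
in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
Error in GnuTLS initialization: Failed to acquire random data.
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
triage_reload_log "$sample"   # graceful=1 segfaults=2 gnutls_errors=3 gens=1368
rm -f "$sample"
```

Run against the real `/var/log/apache2/error.log` after each reload, a non-zero `segfaults` or `gnutls_errors` marks the reload at which the symptom first appears.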

Labels: 2.x (Related to ModSecurity version 2.x)