FS#60403 - [lighttpd] https is broken unless tls1.3 is disabled
Attached to Project:
Arch Linux
Opened by kpcyrd (kpcyrd) - Sunday, 14 October 2018, 08:52 GMT
Last edited by Doug Newgard (Scimmia) - Sunday, 14 October 2018, 09:02 GMT
Details
Description:
https with lighttpd is currently broken unless tls1.3 is explicitly disabled. Adding the following line is a workaround, but disables tls1.3:

```
ssl.openssl.ssl-conf-cmd = ("Protocol" => "-TLSv1, -SSLv3, -TLSv1.3")
```

Additional info:
- lighttpd: 1.4.50-1
- openssl: 1.1.1-1

Steps to reproduce:
- Install lighttpd
- Enable https with the following config

```
protocol = "https://"
ssl.engine = "enable"
ssl.disable-client-renegotiation = "enable"

# pemfile is cert+privkey, ca-file is the intermediate chain in one file
ssl.pemfile = "/var/lib/acme/live/redacted/haproxy"
ssl.ca-file = "/var/lib/acme/live/redacted/chain"

# for DH/DHE ciphers, dhparam should be >= 2048-bit
ssl.dh-file = "/etc/lighttpd/dhparam4096.pem"
# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
ssl.ec-curve = "secp384r1"
# Compression is by default off at compile-time, but use if needed
# ssl.use-compression = "disable"

# Environment flag for HTTPS enabled
#setenv.add-environment = (
#  "HTTPS" => "on"
#)

# intermediate configuration, tweak to your needs
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"

alias.url = (
  "/.well-known/" => "/srv/well-known/"
)
```

Open the site: Firefox reports "Secure Connection Failed" after some seconds, and curl shows the following error right away:

```
* SSL certificate verify ok.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET / HTTP/1.1
> Host: redacted
> User-Agent: curl/7.61.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS alert, [no content] (0):
* TLSv1.3 (IN), TLS alert, close notify (256):
* Empty reply from server
```

The following is logged by lighttpd:

```
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1617) SSL: 1 -1 error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
```
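As an added triage example (not part of the report, and not lighttpd code): a small Python script that parses the mod_openssl error-log lines quoted above and counts the "renegotiation initiated by client" kills per second, so an operator can spot the failure burst that accompanies TLS 1.3 clients on lighttpd 1.4.50 with OpenSSL 1.1.1 and test the report's workaround before reading the message as a client-side attack indicator. The log format is taken from the lines in the report; the burst threshold is an assumption.

```python
import re
from collections import Counter

# lighttpd error-log format as seen in the report:
#   "YYYY-MM-DD HH:MM:SS: (mod_openssl.c.LINE) SSL: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): "
    r"\((?P<src>mod_openssl\.c\.\d+)\) SSL: (?P<msg>.*)$"
)
RENEG_KILL = "renegotiation initiated by client, killing connection"
AFTER_CLOSE = "application data after close notify"

# Constructed sample input: the lines quoted in the report, in order.
SAMPLE_LOG = """\
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:42: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1617) SSL: 1 -1 error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
2018-10-14 08:36:43: (mod_openssl.c.1419) SSL: renegotiation initiated by client, killing connection
"""

def parse_ssl_log(text):
    """Return (timestamp, source, message) tuples for mod_openssl lines; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["src"], m["msg"]))
    return events

def summarize(events, burst_threshold=3):
    """Count renegotiation kills and close-notify errors; list seconds with >= burst_threshold kills.
    burst_threshold is an assumed value, tune it to the site's normal connection rate."""
    kills_per_sec = Counter(ts for ts, _, msg in events if msg == RENEG_KILL)
    return {
        "reneg_kills": sum(kills_per_sec.values()),
        "after_close_notify_errors": sum(AFTER_CLOSE in msg for _, _, msg in events),
        "peak_kills_per_second": max(kills_per_sec.values(), default=0),
        "burst_seconds": sorted(ts for ts, n in kills_per_sec.items() if n >= burst_threshold),
    }

if __name__ == "__main__":
    print(summarize(parse_ssl_log(SAMPLE_LOG)))
```

On a live host, feed the script `/var/log/lighttpd/error.log` and compare the kill counts before and after applying the `ssl.openssl.ssl-conf-cmd` workaround from the report.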
Closed by Doug Newgard (Scimmia)
Sunday, 14 October 2018, 09:02 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#60294