Since my fedora 29 upgrade, my apache servers that require client authentication fail with this error message :
[Tue Nov 20 13:20:57.718509 2018] [ssl:error] [pid 8117] [client x.x.x.x:35692] AH: verify client post handshake
[Tue Nov 20 13:20:57.718565 2018] [ssl:error] [pid 8117] [client x.x.x.x:35692] AH10158: cannot perform post-handshake authentication
[Tue Nov 20 13:20:57.718591 2018] [ssl:error] [pid 8117] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received
When lowering the tls version in firefox (security.tls.version.max) from 4 to 3 (meaning using tlsv1.2 instead of tlsv1.3 I think), then it works.
This means that Firefox does not enable TLSv1.3 Post-Handshake Authentication, this isn't a mod_ssl problem.
That's right, it works as expected if I put a "SSLVerifyClient require" in the VirtualHost section, but it fails when it's inside a <Location xxx> and not directly at the root of this virtual host.
It is also visible if it's inside a <Directory xxx> block.
The same problem occurs with different browsers, e.g. Firefox, Chrome (Linux/Android).
It was not visible before the upgrade from Fedora 28 (with openssl 1.1.0i) to Fedora 29 (with openssl 1.1.1)
Reported upstream at https://bz.apache.org/bugzilla/show_bug.cgi?id=62975
It seems that the major browsers have not picked up yet PHA to cope with that use-case.
Joe, the last comment in this upstream bug  seems to say that PHA is not yet usable for HTTP. Could mod_ssl negotiate TLS1.2 if PHA is not there and the server has per directory access lists with certificates?
The problem is that mod_ssl doesn't know whether PHA is needed at the time of the initial handshake -- precisely the reason POST-handshake auth is used.
I don't see that TLSv1.3+PHA is any more undefined/messy with HTTP/1.1 than renegotiation was under TLSv1.2 and HTTP/1.1.
Nikos, can we move it upstream or do you want to track it here?
It is up to you
okay, let's track it upstream then - https://bugzilla.mozilla.org/show_bug.cgi?id=1471970