From f53797f61f73614d119513b7f249976e5be71498 Mon Sep 17 00:00:00 2001
From: Eric Covener <ecovener@us.ibm.com>
Date: Mon, 16 Mar 2026 21:00:03 -0400
Subject: [PATCH 1/3] set a liberal default handshake timeout

---
 changes-entries/reqtimeout-defaults.txt | 2 ++
 docs/conf/extra/httpd-default.conf.in   | 2 +-
 docs/manual/mod/mod_reqtimeout.xml      | 5 +++--
 modules/filters/mod_reqtimeout.c        | 4 ++--
 4 files changed, 8 insertions(+), 5 deletions(-)
 create mode 100644 changes-entries/reqtimeout-defaults.txt

diff --git a/changes-entries/reqtimeout-defaults.txt b/changes-entries/reqtimeout-defaults.txt
new file mode 100644
index 00000000000..3e5b68928c9
--- /dev/null
+++ b/changes-entries/reqtimeout-defaults.txt
@@ -0,0 +1,2 @@
+ *) Add add a default handshake timeout (10s) to mod_reqtimeouts internal
+    defaults and the the default configuration. [Eric Covener]
diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in
index 7196922866a..042595b3513 100644
--- a/docs/conf/extra/httpd-default.conf.in
+++ b/docs/conf/extra/httpd-default.conf.in
@@ -86,5 +86,5 @@ HostnameLookups Off
 # To disable, set to header=0 body=0
 #
 <IfModule reqtimeout_module>
-  RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+  RequestReadTimeout handshake=10,MinRate=250 header=20-40,MinRate=500 body=20,MinRate=500
 </IfModule>
diff --git a/docs/manual/mod/mod_reqtimeout.xml b/docs/manual/mod/mod_reqtimeout.xml
index 7b4d3e6d112..44981ba1653 100644
--- a/docs/manual/mod/mod_reqtimeout.xml
+++ b/docs/manual/mod/mod_reqtimeout.xml
@@ -103,11 +103,12 @@ the request headers and/or body from client.
 [header=<var>timeout</var>[-<var>maxtimeout</var>][,MinRate=<var>rate</var>]
 [body=<var>timeout</var>[-<var>maxtimeout</var>][,MinRate=<var>rate</var>]
 </syntax>
-<default>RequestReadTimeout handshake=0 header=20-40,MinRate=500 body=20,MinRate=500</default>
+<default>RequestReadTimeout handshake=10,MinRate=250 header=20-40,MinRate=500 body=20,MinRate=500</default>
 <contextlist><context>server config</context><context>virtual host</context>
 </contextlist>
 <compatibility>Defaulted to disabled in version 2.3.14 and earlier. The
-<code>handshake</code> stage is available since version 2.4.39.
+<code>handshake</code> stage is available since version 2.4.39 with non-zero
+defaults added in 2.4.67.
 </compatibility>
 
 <usage>
diff --git a/modules/filters/mod_reqtimeout.c b/modules/filters/mod_reqtimeout.c
index 0e5afca57e4..ff53a584c1b 100644
--- a/modules/filters/mod_reqtimeout.c
+++ b/modules/filters/mod_reqtimeout.c
@@ -29,9 +29,9 @@
 module AP_MODULE_DECLARE_DATA reqtimeout_module;
 
 #define UNSET                            -1
-#define MRT_DEFAULT_handshake_TIMEOUT     0 /* disabled */
+#define MRT_DEFAULT_handshake_TIMEOUT     10
 #define MRT_DEFAULT_handshake_MAX_TIMEOUT 0
-#define MRT_DEFAULT_handshake_MIN_RATE    0
+#define MRT_DEFAULT_handshake_MIN_RATE    250
 #define MRT_DEFAULT_header_TIMEOUT       20
 #define MRT_DEFAULT_header_MAX_TIMEOUT   40
 #define MRT_DEFAULT_header_MIN_RATE      500

From c57cabd87f2465a1caa4a8f42904529de93e9ce2 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 16 Mar 2026 21:21:01 -0400
Subject: [PATCH 2/3] Update compatibility note for handshake stage

+ trigger H2 tests
---
 docs/manual/mod/mod_reqtimeout.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/manual/mod/mod_reqtimeout.xml b/docs/manual/mod/mod_reqtimeout.xml
index 44981ba1653..9803ecb2dcb 100644
--- a/docs/manual/mod/mod_reqtimeout.xml
+++ b/docs/manual/mod/mod_reqtimeout.xml
@@ -107,7 +107,7 @@ the request headers and/or body from client.
 <contextlist><context>server config</context><context>virtual host</context>
 </contextlist>
 <compatibility>Defaulted to disabled in version 2.3.14 and earlier. The
-<code>handshake</code> stage is available since version 2.4.39 with non-zero
+<code>handshake</code> stage is available since version 2.4.39, with non-zero
 defaults added in 2.4.67.
 </compatibility>
 

From 5bf8b37c0f26af9ac6e96b831859a556fcf92c79 Mon Sep 17 00:00:00 2001
From: Eric Covener <ecovener@us.ibm.com>
Date: Mon, 16 Mar 2026 22:32:29 -0400
Subject: [PATCH 3/3] undo guardrails on handshake defaults

---
 modules/filters/mod_reqtimeout.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/filters/mod_reqtimeout.c b/modules/filters/mod_reqtimeout.c
index ff53a584c1b..064d7d4a518 100644
--- a/modules/filters/mod_reqtimeout.c
+++ b/modules/filters/mod_reqtimeout.c
@@ -375,8 +375,7 @@ static int reqtimeout_init(conn_rec *c)
                                &reqtimeout_module);
     AP_DEBUG_ASSERT(cfg != NULL);
 
-    /* For compatibility, handshake timeout is disabled when UNSET (< 0) */
-    if (cfg->handshake.timeout <= 0
+    if (cfg->handshake.timeout == 0
             && cfg->header.timeout == 0
             && cfg->body.timeout == 0) {
         /* disabled for this vhost */
@@ -391,9 +390,7 @@ static int reqtimeout_init(conn_rec *c)
         ap_add_input_filter(reqtimeout_filter_name, ccfg, NULL, c);
 
         ccfg->type = "handshake";
-        if (cfg->handshake.timeout > 0) {
-            INIT_STAGE(cfg, ccfg, handshake);
-        }
+        INIT_STAGE(cfg, ccfg, handshake);
     }
 
     /* we are not handling the connection, we just do initialization */