You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2022/04/24 01:07:28 UTC

[Bug 66028] New: Can't use openssl3.0.x ktls.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

            Bug ID: 66028
           Summary: Can't use openssl3.0.x ktls.
           Product: Apache httpd-2
           Version: 2.4.53
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: paulzakk@hotmail.com
  Target Milestone: ---

I am using apache version 2.5.53 in Linux environment.
openssl version 3.0.2 is used.
I know that openssl 3.0.x version officially supports kernel tls (ktls).

I know that openssl 3.0.x version officially supports kernel tls (ktls). So I
built using the enable-ktls option when building openssl and added
SSLOpenSSLConfCmd Options KTLS to enable KTLS in apache.
However, when I traced the log, it was confirmed that the following log was
output.

ssl_engine_io.c(586): [client xxx.xxx.xxx.xxx:xxxxx] BUG: bio_filter_in_ctrl()
should not be called with cmd=76

Is there any way to use openssl's ktls function?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls.

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

Joe Orton <jo...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #3 from Joe Orton <jo...@redhat.com> ---
Does mod_ssl fail in this configuration or not with 2.4.53? If it fails please
give more logs. If it works but doesn't use KTLS there's probably little we can
do about it in mod_ssl.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls.

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

--- Comment #2 from Joe Orton <jo...@redhat.com> ---
That is only a debugging message - though it is wrong since it's not a bug.

I think that OpenSSL's KTLS support will not be usable from httpd because
mod_ssl does not use a socket BIO (OpenSSL's support for talking directly to a
socket);  all output from mod_ssl goes through the output filter chain so it
can be interpreted/intercepted/handled elsewhere in the server.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls.

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

--- Comment #4 from paulzakk@hotmail.com ---
There are no mod_ssl errors in my environment.
I understand that if mod_ssl doesn't use BIO, then openssl's KTLS doesn't work
as you said.

Thank you for answer.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls.

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

--- Comment #1 from paulzakk@hotmail.com ---
(In reply to paulzakk from comment #0)
> I am using apache version 2.5.53 in Linux environment.
> openssl version 3.0.2 is used.
> I know that openssl 3.0.x version officially supports kernel tls (ktls).
> 
> I know that openssl 3.0.x version officially supports kernel tls (ktls). So
> I built using the enable-ktls option when building openssl and added
> SSLOpenSSLConfCmd Options KTLS to enable KTLS in apache.
> However, when I traced the log, it was confirmed that the following log was
> output.
> 
> ssl_engine_io.c(586): [client xxx.xxx.xxx.xxx:xxxxx] BUG:
> bio_filter_in_ctrl() should not be called with cmd=76
> 
> Is there any way to use openssl's ktls function?

The apache version was written incorrectly.
The version I use is 2.4.53 .

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls.

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

Joe Orton <jo...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #5 from Joe Orton <jo...@redhat.com> ---
Thanks for following up.  I've adjusted the log messages in r1900309 - since
there is not otherwise a bug here I will close this.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org