Bug 230681 - benchmarks/httperf: for TLS > 1.0 first request send to server is garbage / random bits
Summary: benchmarks/httperf: for TLS > 1.0 first request send to server is garbage / r...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Julien Laffaye
Depends on:
Reported: 2018-08-16 23:36 UTC by szander
Modified: 2019-12-07 11:45 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (jlaffaye)


Note You need to log in before you can comment on or make changes to this bug.
Description szander 2018-08-16 23:36:51 UTC
When I use TLS 1.1 or TLS 1.2 the first request that is send to the server is completely garbage (looks like some random bits from memory rather than a HTTP request). Subsequent requests to the same server work fine. I'm not sure what precisely the issue is but I noted that core_ssl_connect() is written such that httperf can interleave other stuff while connecting. With a more "atomic" connect loop the problem is gone on my test machine: 

        while ((ssl_err = SSL_connect(s->ssl)) == -1) {
                int reason = SSL_get_error(s->ssl, ssl_err);

                if (reason != SSL_ERROR_WANT_READ &&
                    reason != SSL_ERROR_WANT_WRITE) {
                            "%s: failed to connect to SSL server (err=%d, reason=%d)\n",
                            prog_name, ssl_err, reason);
Comment 1 Walter Schwarzenfeld freebsd_triage 2019-08-13 05:09:46 UTC
Maintainer feedback!
Comment 2 commit-hook freebsd_committer 2019-12-07 11:40:20 UTC
A commit references this bug:

Author: danfe
Date: Sat Dec  7 11:39:36 UTC 2019
New revision: 519200
URL: https://svnweb.freebsd.org/changeset/ports/519200

  - Update to the latest GitHub commit: current version is from 2015
    and is not compatible with modern OpenSSL implementations
  - Set PORTVERSION to the version number as reported by `httperf -V'
  - Increase buffer size in do_recv() to match TLS record size which
    can be up to 16kB [1]
  - When using TLS 1.1 or TLS 1.2, the first SSL_connect() may often
    return error, while subsequent requests work fine -- to mitigate
    this, try to SSL_connect() a little harder [2]

  Approved by:	maintainer timeout

  PR:	230680 [1], 230681 [2]

Comment 3 Alexey Dokuchaev freebsd_committer 2019-12-07 11:45:04 UTC
Should be fixed per ports r519200, thanks!