Bug 253394 - www/apache24: OpenSSL KTLS causes regression: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
Summary: www/apache24: OpenSSL KTLS causes regression: SSL_ERROR_HANDSHAKE_UNEXPECTED_...
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-apache (Nobody)
URL:
Keywords:
: 253879 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-02-10 05:49 UTC by O. Hartmann
Modified: 2021-02-28 17:13 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (apache)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description O. Hartmann 2021-02-10 05:49:05 UTC
After introduction and activation of KTLS in CURRENT, servers running the KTLS activated kernel and serving webservices via www/apache24 stopped working, please see similar bugs reported for the KTLS issue in PR 253135 , PR 253214 . The issue is severe, any connection to a server running KTLS kernel and non-patched www/apache24 seem to reject connection. Firefox is

reportingSSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
Comment 1 O. Hartmann 2021-02-13 19:15:48 UTC
As a temporary, preliminary workaround: The problem disappears by adding

WITHOUT_OPENSSL_KTLS

to /etc/src.conf
Comment 2 Felix Kronlage-Dammers 2021-02-26 17:50:58 UTC
jhb@ created this review for a fix (and this fixes the issue for me).

https://reviews.freebsd.org/D28932
Comment 3 John Baldwin freebsd_committer freebsd_triage 2021-02-26 23:45:15 UTC
*** Bug 253879 has been marked as a duplicate of this bug. ***
Comment 4 O. Hartmann 2021-02-28 17:13:57 UTC
(In reply to Felix Kronlage-Dammers from comment #2)

The patch referred to at

https://reviews.freebsd.org/D28932

solves at least for me the problem reported herein.

Regards
oh