Mailing List Archive: [Bug 66028] Can't use openssl3.0.x ktls.

[Bug 66028] Can't use openssl3.0.x ktls.

Apr 23, 2022, 6:43 PM

Post #1 of 5 (452 views)

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

--- Comment #1 from paulzakk@hotmail.com ---
(In reply to paulzakk from comment #0)
> I am using apache version 2.5.53 in Linux environment.
> openssl version 3.0.2 is used.
> I know that openssl 3.0.x version officially supports kernel tls (ktls).
>
> I know that openssl 3.0.x version officially supports kernel tls (ktls). So
> I built using the enable-ktls option when building openssl and added
> SSLOpenSSLConfCmd Options KTLS to enable KTLS in apache.
> However, when I traced the log, it was confirmed that the following log was
> output.
>
> ssl_engine_io.c(586): [client xxx.xxx.xxx.xxx:xxxxx] BUG:
> bio_filter_in_ctrl() should not be called with cmd=76
>
> Is there any way to use openssl's ktls function?

The apache version was written incorrectly.
The version I use is 2.4.53 .

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls. [ In reply to ]

bugzilla at apache

Apr 25, 2022, 3:38 AM

Post #2 of 5 (449 views)

Permalink

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

--- Comment #2 from Joe Orton <jorton@redhat.com> ---
That is only a debugging message - though it is wrong since it's not a bug.

I think that OpenSSL's KTLS support will not be usable from httpd because
mod_ssl does not use a socket BIO (OpenSSL's support for talking directly to a
socket); all output from mod_ssl goes through the output filter chain so it
can be interpreted/intercepted/handled elsewhere in the server.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls. [ In reply to ]

bugzilla at apache

Apr 26, 2022, 8:01 AM

Post #3 of 5 (447 views)

Permalink

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

Joe Orton <jorton@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO

--- Comment #3 from Joe Orton <jorton@redhat.com> ---
Does mod_ssl fail in this configuration or not with 2.4.53? If it fails please
give more logs. If it works but doesn't use KTLS there's probably little we can
do about it in mod_ssl.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls. [ In reply to ]

bugzilla at apache

Apr 26, 2022, 8:36 AM

Post #4 of 5 (447 views)

Permalink

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

--- Comment #4 from paulzakk@hotmail.com ---
There are no mod_ssl errors in my environment.
I understand that if mod_ssl doesn't use BIO, then openssl's KTLS doesn't work
as you said.

Thank you for answer.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 66028] Can't use openssl3.0.x ktls. [ In reply to ]

bugzilla at apache

Apr 27, 2022, 12:46 AM

Post #5 of 5 (443 views)

Permalink

https://bz.apache.org/bugzilla/show_bug.cgi?id=66028

Joe Orton <jorton@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |RESOLVED
Resolution|--- |WONTFIX

--- Comment #5 from Joe Orton <jorton@redhat.com> ---
Thanks for following up. I've adjusted the log messages in r1900309 - since
there is not otherwise a bug here I will close this.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org