[lighttpd] 1.4.68-1 broken KTLS


Postby Freemor » Fri Feb 03, 2023 8:38 pm

My system was upgraded to lighttpd 1.4.68-1 in the last few days.
I quickly noticed issues. Many connections dropped with no log entry in either access.log or error.log.
Watching via tcpdump showed the connections trying and failing.
Also there was an issue with random 100% CPU usage that required restarting lighttpd to fix.

Dropping back to the previous build fixed all the issues.

Checked the change log for 1.4.68 on the lighttpd website.
Noticed that one of the changes was turning on KTLS.
This led me to believe that the error was with KTLS. This made sense as clearly the missed connections were failing someplace outside of lighttpd and thus not being logged.

I added "Options" => "-KTLS" to ssl.openssl.ssl-conf-cmd in lighttpd's conf. That fixed the problem.

I do not know how many other systems this affects.
My system is a PCduino3 nano with an AllWinner A20 SoC, 1GHz ARM Cortex A7 Dual Core processor.

If it is a common problem, building with KTLS disabled might be an option.
Freemor
 
Posts: 2
Joined: Fri Feb 03, 2023 8:21 pm

Re: [lighttpd] 1.4.68-1 broken KTLS

Postby Freemor » Sat Feb 04, 2023 2:34 pm

Thinking on this more last night, might it be advisable to blacklist the tls module on affected systems, as other programs will probably default to using KTLS and thus also have flaky and unexplained behaviors?

-- update --
Ran a test:

rmmod tls
Removed the "option" => "-KTLS" from lighttpd.conf
Restarted lighttpd.service
Ran some test connections that were known to fail.
They all worked correctly.

So for myself I'll be blacklisting the kernel's tls module for the time being to prevent future head banging trying to DX weird TLS/SSL problems.
Freemor
 
Posts: 2
Joined: Fri Feb 03, 2023 8:21 pm
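
Added example, not part of the posts above and not lighttpd's code: a shell check for the state this thread is about, namely whether the kernel `tls` module is loaded, whether modprobe.d blacklists it, and what the kernel's kTLS counters report. It assumes a kernel that exposes `/proc/net/tls_stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inspect kernel TLS (kTLS) state. Function names are
# hypothetical; each takes an optional path so it can be run on saved copies.

# Succeed if the "tls" module appears in a /proc/modules-format file.
ktls_module_loaded() {
    awk '$1 == "tls" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}" 2>/dev/null
}

# Succeed if any *.conf in a modprobe.d directory has "blacklist tls".
ktls_blacklisted() {
    cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null |
        awk '$1 == "blacklist" && $2 == "tls" { found = 1 } END { exit !found }'
}

# Classify the counters in a /proc/net/tls_stat-format file:
#   absent  file missing (module not loaded, or kernel lacks the counters)
#   errors  TlsDecryptError is non-zero
#   active  kTLS sockets are open right now
#   used    kTLS sockets were opened earlier, none open now
#   idle    module loaded but never used
ktls_status() {
    stat="${1:-/proc/net/tls_stat}"
    [ -r "$stat" ] || { echo absent; return 0; }
    awk '
        $1 ~ /^TlsCurr(Tx|Rx)(Sw|Device)$/ { cur += $2 }
        $1 ~ /^Tls(Tx|Rx)(Sw|Device)$/     { total += $2 }
        $1 == "TlsDecryptError"            { err += $2 }
        END {
            if (err > 0)        print "errors"
            else if (cur > 0)   print "active"
            else if (total > 0) print "used"
            else                print "idle"
        }' "$stat"
}

# One-line summary; arguments are the modules file, stat file, modprobe.d dir.
ktls_report() {
    if ktls_module_loaded "$1"; then mod="loaded"; else mod="not loaded"; fi
    if ktls_blacklisted "$3"; then bl="yes"; else bl="no"; fi
    echo "tls module: $mod, blacklisted: $bl, kTLS sockets: $(ktls_status "$2")"
}

ktls_report   # with no arguments, reports on the running system
```

Comparing the output before and after setting `-KTLS` or removing the module shows whether TLS connections on the host are still being handed to the kernel.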

