Lingering close on TLS connection

Bug #1504162 reported by Gerrit Venema
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
mpm-itk (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

If mpm-itk is installed TLS connections will linger for Alert timeout of 10 seconds unless the client closes first.

Problem can be reproduced with PHP (replace url with your own):

php -r '$context=stream_context_create(array("ssl" => array("ciphers" => "HIGH:!SSLv2:!SSLv3")));echo file_get_contents("https://www.example.com/hello",false,$context);'

Problem cannot be trivially reproduced with curl because it reads Content-Length and sends close itself.

Problem can be fixed by installing newest upstream mpm-itk (mpm-itk-2.4.7-03).

apt-get install apache2-dev
curl http://mpm-itk.sesse.net/mpm-itk-2.4.7-03.tar.gz > mpm-itk-2.4.7-03.tar.gz
tar xf mpm-itk-2.4.7-03.tar.gz
cd mpm-itk-2.4.7-03.tar.gz
./configure
make
make install

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mpm-itk (Ubuntu):
status: New → Confirmed
Revision history for this message
jimp (jimmy-basicmatrix) wrote :

The relevant discussion: http://lists.err.no/pipermail/mpm-itk/2015-September/thread.html (three threads).
Release announcement: http://lists.err.no/pipermail/mpm-itk/2015-September/000929.html

The MPM-ITK author already has the new version in Debian unstable and it will be released with the next Debian stable.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798108

Can we get this fix ported to Ubuntu? It is a really bad bug, making libapache2-mpm-itk unusable for MSIE and Safari browsers (connections aborted depending on KeepAlive timeout value). Firefox and Chrome appear to handle the issue better, although they are still affected.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.