httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48713] New: Large subversion commits made to an SSL hosted repository error with SSL error "parse tlsext" or "bad decompression"
Date Tue, 09 Feb 2010 19:31:58 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48713

           Summary: Large subversion commits made to an SSL hosted
                    repository error with SSL error "parse tlsext" or "bad
                    decompression"
           Product: Apache httpd-2
           Version: 2.2.14
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: gabe@mudbugmedia.com


After upgrading to Apache 2.2.14-r1 from Apache 2.2.11, a subversion repository
hosted by it began returning the following error mid-way through larger
commits:

'/!svn/wrk/48583f7d-0e01-410d-8941-33d2ba3574b4/WAP/.../htdocs/images/rt.gif':
SSL negotiation failed: SSL error: parse tlsext (https://...)

This seems to be commonly reported as an issue with Apache 2.2.12 - 2.2.14. 
Many people struggling with this have suggested removing TLSv1 from Apache's
SSLProtocol.  However, this results in the following different error:

svn: PUT of
'/!svn/wrk/0b9f5a96-15aa-11df-ad6a-0f71b873281b/project/trunk/path/btn_Cancel.gif':
SSL handshake failed: SSL error: bad decompression (https://...)

The recommend work-around to this error seems to be to add TLSv1 back to your
SSLProtocol, which returns us back to the original error.

Some references include this note:
> Moreover I found out that this problem only occurs if there are at least two 
> virtual hosts served using SSL on the same IP address (<VirtualHost *:443>) 
> by Apache (distinguish by their "ServerName"). 

In this case with my configuration, I have multiple VirtualHosts sharing the
same IP:Port combination as they are using the same wildcard certificate with
different hostnames.

Here are the versions and Gentoo USE (compile) flags of all the relevant
components on my repository's server:
[ebuild   R   ] dev-libs/openssl-0.9.8l-r2  USE="zlib -bindist -gmp -kerberos
-sse2 -test" 4,082 kB
[ebuild   R   ] www-servers/apache-2.2.14-r1  USE="ssl -debug -doc -ldap
(-selinux) -static -suexec -threads" APACHE2_MODULES="actions alias auth_basic
auth_digest authn_dbd authn_default authn_file authz_default authz_groupfile
authz_host authz_user autoindex dav dav_fs dav_lock dbd deflate dir env expires
headers include info log_config logio mime mime_magic negotiation proxy
proxy_balancer proxy_connect proxy_http rewrite setenvif status unique_id
userdir -asis -authn_alias -authn_anon -authn_dbm -authz_dbm -authz_owner
-cache -cern_meta -charset_lite -disk_cache -dumpio -ext_filter -file_cache
-filter* -ident -imagemap -log_forensic -mem_cache -proxy_ajp -proxy_ftp
-speling -substitute -usertrack* -version -vhost_alias" APACHE2_MPMS="prefork
-event -itk -peruser -worker" 5,088 kB
[ebuild   R   ] net-misc/neon-0.29.0  USE="expat nls ssl zlib -doc -gnutls
-kerberos -libproxy -pkcs11" LINGUAS="-cs -de -fr -ja -nn -pl -ru -tr -zh_CN"
859 kB
[ebuild   R   ] dev-util/subversion-1.6.6  USE="apache2 bash-completion dso nls
perl python ruby webdav-neon -berkdb -ctypes-python -debug -doc -emacs -extras
-gnome-keyring -java -sasl -test -vim-syntax -webdav-serf" 5,384 kB




References:
*
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2382623
*
http://code.commongroove.com/archive/2009/09/25/apachesubversion-ssl-negotiation-failed-ssl-error-parse-tlsext.aspx
*
http://serverfault.com/questions/44470/ssl-error-parse-tlsext-on-large-commit-to-svn-via-apache-gentoo
* http://old.nabble.com/parse-tlsext-bug-td24802438.html

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message