In “SSL renegotiation – a never-ending story?” I introduced you to problems with Apache’s httpd version 2.2.12 from SLES11SP2, where under certain conditions the server aborts the SSL renegotiation and the client then either appears to hang or reports an error.
Fortunately, I had the opportunity to discuss the issue with SuSE’s support team. Of course it was helpful that I could recreate the problem at will in our test environment, and therefore was able to provide all debug logs and network traces, too. Equipped with those details, SuSE’s development team took over and did so for good: Within a few days and some intermediate tests, the very competent developers had the problem nailed and provided an updated set of RPMs, a so-called PTF (“program temporary fix”).
The corrected program versions are on their way to the update repositories, too, but of course it may take some time until all final packaging and testing is completed. Considering that this problem may well have been in the upstream code since working around the SSL “man in the middle re-negotiation flaw” in 2009, that seems a fair price.
This is another good example of why having software support is a very good idea when running systems professionally, even if they’re open source. Sometimes it is simply a necessity to have a professional developer at hand, with deep inside knowledge and a sound understanding – something that can easily get expensive when trying to do it all by yourself.