Bug 1595865

Summary: ALPN is not enabled due to old OpenSSL dependancy
Product: Red Hat Software Collections Reporter: taszanto
Component: haproxyAssignee: Ryan O'Hara <rohara>
Status: CLOSED ERRATA QA Contact: Brandon Perkins <bperkins>
Severity: low Docs Contact:
Priority: unspecified    
Version: rh-haproxy18CC: jorton, pasik, tborcin
Target Milestone: ---Keywords: Reopened
Target Release: 3.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rh-haproxy18-haproxy-1.8.15-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-11 12:01:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description taszanto 2018-06-27 15:40:48 UTC 
Description of problem:
ALPN (the alpn bind directive) can't be used in the haproxy.cfg file.

Version-Release number of selected component (if applicable):
rh-haproxy18-3.1-2.el7.x86_64
rh-haproxy18-haproxy-1.8.4-2.el7.x86_64
rh-haproxy18-runtime-3.1-2.el7.x86_64

How reproducible:


Steps to Reproduce:
1. Configure a frontend like this:
   bind *:443 ssl crt cert.pem alpn h2,http/1.1  
2. Restart the rh-haproxy18-haproxy service
3.

Actual results:
haproxy fails to start with the following error message:
"'alpn' : library does not support TLS ALPN extension"


Expected results:


Additional info:

rh-haproxy18 was built against OpenSSL 1.0.1e, which didn't support ALPN. OpenSSL 1.0.2k should be used here, as in the HAProxy 1.5.18 package.
Comment 4 Red Hat Bugzilla Rules Engine 2019-01-11 16:23:37 UTC 
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.
Comment 8 errata-xmlrpc 2019-06-11 12:01:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1436