Bug 1677754
Summary: | Random failure to resume session with GnuTLS client | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Hubert Kario <hkario> |
Component: | gnutls | Assignee: | Anderson Sasaki <ansasaki> |
Status: | CLOSED ERRATA | QA Contact: | Alexander Sosedkin <asosedki> |
Severity: | low | Docs Contact: | Jan Fiala <jafiala> |
Priority: | medium | ||
Version: | 8.0 | CC: | ansasaki, asosedki, dueno, jafiala, lmanasko, nmavrogi, ssorce |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | gnutls-3.6.13-3.el8 | Doc Type: | Known Issue |
Doc Text: |
.GnuTLS tolerates longer delays during session resumption
Previously, the client implementation of the GnuTLS library negotiated a new TLS (Transport Layer Security) 1.3 session instead of resuming a previously negotiated one if the server did not send session resumption data within 50 ms. This incurred a minor performance impact on session negotiation. With this update, the client waits for an estimated round-trip time plus 100 ms. As a result, the GnuTLS client session resumption is more robust when paired with slow servers or communicating over slow network links. Additionally, for debugging purposes, you can make the client wait indefinitely by using the new `--waitresumption` option for the `--resume` option in the `gnutls-cli` utility.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-11-04 01:55:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1682477, 1689967, 1789392 | ||
Bug Blocks: |
Description
Hubert Kario
2019-02-15 19:16:01 UTC
reproduced also against OpenSSL server so looks like the issue is in GnuTLS. This issue was set to medium priority because it does not affect core functionality of a component. Upstream fix: https://gitlab.com/gnutls/gnutls/merge_requests/936 Retarget to 8.3 for the time being Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (gnutls bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4526 |