Bug 2373189 - [Cephadm][RGW-QAT]: Ingress over QAT fails if the backend RGW also has QAT enabled
Summary: [Cephadm][RGW-QAT]: Ingress over QAT fails if the backend RGW also has QAT en...
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: Build
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 9.0z1
Assignee: Justin Caratzas
QA Contact: Vinayak Papnoi
Rivka Pollack
URL:
Whiteboard:
Depends On:
Blocks: 2388233
TreeView+ depends on / blocked
 
Reported: 2025-06-17 15:29 UTC by Tejas
Modified: 2025-12-01 12:27 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
.QAT cannot be used for TLS offload or acceleration mode together with SSL set Enabling QAT on HAProxy with SSL enabled injects legacy OpenSSL engine directives. The legacy OpenSSL engine path breaks the TLS handshake, emitting the `tlsv1 alert internal error` error. With the TLS handshake broken, the TLS termination fails. As a workaround, disable the QAT at HAProxy in order to keep the TLS handshake. Set the configuration file specifications as follows: * `haproxy_qat_support: false` * `ssl: true` As a result, QAT is disabled and the HAProxy TLS works as expected. NOTE: Under heavy connection rates higher CPU usage may be seen versus QAT-offloaded handshakes.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHCEPH-11629 0 None None None 2025-06-17 15:29:36 UTC

Internal Links: 2353516

Description Tejas 2025-06-17 15:29:10 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Note You need to log in before you can comment on or make changes to this bug.