Bug 482111 - SPICE - if configured with SSL, it'll open SSL with DEFLATE compression
SPICE - if configured with SSL, it'll open SSL with DEFLATE compression
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: qspice (Show other bugs)
5.5
All Linux
medium Severity medium
: rc
: ---
Assigned To: Uri Lublin
Yaniv Kaul
http://mantis.tlv.redhat.com/view.php...
: Reopened, ZStream
Depends On:
Blocks: 527723
  Show dependency treegraph
 
Reported: 2009-01-27 13:31 EST by Yaniv Kaul
Modified: 2016-04-26 10:30 EDT (History)
13 users (show)

See Also:
Fixed In Version: qspice-0.3.0-44.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-30 04:35:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
spice: server: disable ssl compression (1.38 KB, patch)
2009-10-06 18:54 EDT, Uri Lublin
no flags Details | Diff

  None (edit)
Description Red Hat Bugzilla 2009-01-27 13:31:14 EST


---- Reported by ykaul@redhat.com 2008-07-01 10:53:14 EDT ----

The OpenSSL library on the Ubuntu I'm testing with probably has compression support (DEFLATE only, no RLE unfortunately). It therefore offers compression and the server accepts. Therefore, we open SSL with compression. This may or may not be a desired feature - it may be good for some channels, probably not the best idea for display.



--- Bug imported by bugzilla@redhat.com 2009-01-27 13:32 EDT ---

This bug was previously known as _bug_ 4294 at http://mantis.tlv.redhat.com/show_bug.cgi?id=4294

Actual time not defined. Setting to 0.0

Comment 1 Perry Myers 2009-05-05 11:33:21 EDT
On rainbow.eng.lab.tlv.redhat.com:/export/builds/sp115, qspice version is qspice-0.1.0-26.el5ovirt which is included in snap10 of RHEVH.  Moving to ON_QA.
Comment 5 errata-xmlrpc 2009-09-02 06:58:41 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1334.html
Comment 6 David Lawrence 2009-10-06 16:34:44 EDT
Reopening at the request of Uri Lublin <uril@redhat.com>.
Comment 7 Yaniv Kaul 2009-10-06 16:40:08 EDT
SP211 - happened with Windows client.
Comment 8 Uri Lublin 2009-10-06 18:38:37 EDT
I've requested the bug to be reopened, as its fix was not committed to DistCVS.
The fix was committed to git and the bug was fixed in TLV build (sp115).
But for brew builds (qspice-0.1.0-26.el5ovirt and later), it was not fixed (brew builds are built from DistCVS).
Comment 9 Uri Lublin 2009-10-06 18:48:40 EDT
Changed component to qspice, which is the component that is being fixed.

It can be fixed in either SPICE server (qspice) or SPICE clients (the bug was observed for both Linux and Windows clients). The actual fix is in SPICE server.
Comment 10 Uri Lublin 2009-10-06 18:54:48 EDT
Created attachment 363917 [details]
spice: server: disable ssl compression
Comment 12 Yaniv Kaul 2009-12-21 02:15:18 EST
Uri, is this in some 5.5 package already?
Comment 13 Uri Lublin 2009-12-21 03:29:38 EST
It's fixed in qspice-0.3.0-44.el5 (see comment #10 above)
More changes are needed though, so qspice package for 5.5 would not be 0.3.0-44
Comment 15 Yaniv Kaul 2010-01-03 03:30:48 EST
Uri, how can I test this? Apart from seeing the SSL record sizes, which may or may not be compressed (doesn't look like it, based on my knowledge on the uncompressed message sizes).
Comment 16 Uri Lublin 2010-01-05 17:58:55 EST
Start qemu-kvm such that you'll have many spice-channels use SSL.

Use wireshark (or tcpdump) to capture network Spice packets ( specifically on a port used by a secure channel of spice).

Do it for qspice-0.3.0-43.el5 and for qspice-0.3.0-44.el5.

Verify that you see SSL compression when using qspice-0.3.0-43.el5.
Verify that you do not see SSL compression when using qspice-0.3.0-44.el5.
Comment 17 Yaniv Kaul 2010-01-11 08:13:27 EST
Tested with qspice-0.3.0-50.el5: client offers compression, server does not accept it, so no compression takes place.
Comment 19 Susan Burgess 2010-03-23 21:33:45 EDT
Added to Errata

if configured with SSL, previously a SPICE client would open SSL with DEFLATE compression and the server would accept the compression, resulting in a poor display. Currently, if the client offers SSL compression, the compression is not accepted by the server.
(BZ#482111)
Comment 20 errata-xmlrpc 2010-03-30 04:35:48 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0264.html

Note You need to log in before you can comment on or make changes to this bug.