>Synopsis: Mishandling of SSL/TLS connections
>Category: system
>Environment:
System : OpenBSD 6.8
Details : OpenBSD 6.8 (GENERIC.MP) #98: Sun Oct 4 18:13:26 MDT 2020
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
Since upgrading to the anniversary edition, at least some SSL/TLS
connections through haproxy to an nginx back-end are mishandled
... somewhere.
The symptom is that some clients gets stuck (including OpenBSD's
own ftp(1)).
This behavior is new with OpenBSD 6.8. Downgrading just haproxy to
the release from 6.7 (haproxy-2.0.14) from the provided one (2.0.17p0)
does not make a difference.
>How-To-Repeat:
ftp https://cf.tzecmaun.org/allsky/allsky-current.png
>Fix:
dmesg:
OpenBSD 6.8 (GENERIC.MP) #98: Sun Oct 4 18:13:26 MDT 2020
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2129068032 (2030MB)
avail mem = 2049548288 (1954MB)
random: boothowto does not indicate good seed
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x7fedf000 (38 entries)
bios0: vendor Phoenix Technologies LTD version "1.1a" date 04/03/2008
bios0: Supermicro X7SBi
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP DMAR MCFG APIC BOOT SPCR SSDT SSDT SSDT SSDT SSDT SSDT
SSDT SSDT SSDT
acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) USB7(S5)
ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) USB6(S5)
ESB1(S5) PCIB(S5) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xe0000000, bus 0-16
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU 3065 @ 2.33GHz, 2327.87 MHz, 06-0f-0b
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges
cpu0: apic clock running at 332MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU 3065 @ 2.33GHz, 2327.50 MHz, 06-0f-0b
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR,MELTDOWN
cpu1: 4MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 24 pins
ioapic1 at mainbus0: apid 3 pa 0xfecc0000, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PXHA)
acpiprt2 at acpi0: bus -1 (PEX_)
acpiprt3 at acpi0: bus 5 (EXP1)
acpiprt4 at acpi0: bus 13 (EXP5)
acpiprt5 at acpi0: bus 15 (EXP6)
acpiprt6 at acpi0: bus 17 (PCIB)
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
"PNP0A05" at acpi0 not configured
acpibtn0 at acpi0: PWRB
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpivideo0 at acpi0: IGD0
cpu0: Enhanced SpeedStep 2327 MHz: speeds: 2333, 2000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 3200/3210 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 3200/3210 PCIE" rev 0x01: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel 6702PXH PCIE-PCIX" rev 0x09
pci2 at ppb1 bus 2
"Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 17
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00
addr 1
ppb2 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: msi
pci3 at ppb2 bus 5
ppb3 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: msi
pci4 at ppb3 bus 13
em0 at pci4 dev 0 function 0 "Intel 82573E" rev 0x03: msi, address
00:30:48:66:a2:d4
ppb4 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: msi
pci5 at ppb4 bus 15
em1 at pci5 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address
00:30:48:66:a2:d5
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 23
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 22
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00
addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
pci6 at ppb5 bus 17
radeondrm0 at pci6 dev 3 function 0 "ATI ES1000" rev 0x02
drm0 at radeondrm0
radeondrm0: apic 2 int 22
pciide0 at pci6 dev 4 function 0 "ITExpress IT8213F" rev 0x00: DMA
(unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide0: using apic 2 int 23 for native-PCI interrupt
pciide0: channel 0 ignored (not responding; disabled or no drives?)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
pcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02
pciide1 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA, channel 0
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 17 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: <ST3500320NS>
wd0: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
wd1 at pciide1 channel 1 drive 0: <ST3500320NS>
wd1: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 2 int 17
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
wbng0 at iic0 addr 0x2f: w83793g
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-6400CL5
spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-6400CL5
pciide2 at pci0 dev 31 function 5 "Intel 82801I SATA" rev 0x02: DMA, channel 0
wired to native-PCI, channel 1 wired to native-PCI
pciide2: using apic 2 int 18 for native-PCI interrupt
"Intel 82801I Thermal" rev 0x02 at pci0 dev 31 function 6 not configured
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
lm2 at wbsio0 port 0x290/8: W83627HF
lm1: disabling sensors due to alias with lm2
vmm0 at mainbus0: VMX (using slow L1TF mitigation)
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
softraid0: trying to bring up sd0 degraded
sd0 at scsibus2 targ 1 lun 0: <OPENBSD, SR RAID 1, 006>
sd0: 476937MB, 512 bytes/sector, 976767473 sectors
softraid0: roaming device -> wd0a
root on sd0a (3cf2b414839d68a3.a) swap on sd0b dump on sd0b
initializing kernel modesetting (RV100 0x1002:0x515E 0x15D9:0xD180 0x02).
radeondrm0: 1024x768, 16bpp
wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
carp1: state transition: BACKUP -> MASTER
usbdevs:
Controller /dev/usb0:
addr 01: 8086:0000 Intel, EHCI root hub
high speed, self powered, config 1, rev 1.00
driver: uhub0
Controller /dev/usb1:
addr 01: 8086:0000 Intel, EHCI root hub
high speed, self powered, config 1, rev 1.00
driver: uhub1
Controller /dev/usb2:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub2
Controller /dev/usb3:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub3
Controller /dev/usb4:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub4
Controller /dev/usb5:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub5
Controller /dev/usb6:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub6
Controller /dev/usb7:
addr 01: 8086:0000 Intel, UHCI root hub
full speed, self powered, config 1, rev 1.00
driver: uhub7
