I am using apache version 2.5.53 in Linux environment. openssl version 3.0.2 is used. I know that openssl 3.0.x version officially supports kernel tls (ktls). I know that openssl 3.0.x version officially supports kernel tls (ktls). So I built using the enable-ktls option when building openssl and added SSLOpenSSLConfCmd Options KTLS to enable KTLS in apache. However, when I traced the log, it was confirmed that the following log was output. ssl_engine_io.c(586): [client xxx.xxx.xxx.xxx:xxxxx] BUG: bio_filter_in_ctrl() should not be called with cmd=76 Is there any way to use openssl's ktls function?
(In reply to paulzakk from comment #0) > I am using apache version 2.5.53 in Linux environment. > openssl version 3.0.2 is used. > I know that openssl 3.0.x version officially supports kernel tls (ktls). > > I know that openssl 3.0.x version officially supports kernel tls (ktls). So > I built using the enable-ktls option when building openssl and added > SSLOpenSSLConfCmd Options KTLS to enable KTLS in apache. > However, when I traced the log, it was confirmed that the following log was > output. > > ssl_engine_io.c(586): [client xxx.xxx.xxx.xxx:xxxxx] BUG: > bio_filter_in_ctrl() should not be called with cmd=76 > > Is there any way to use openssl's ktls function? The apache version was written incorrectly. The version I use is 2.4.53 .
That is only a debugging message - though it is wrong since it's not a bug. I think that OpenSSL's KTLS support will not be usable from httpd because mod_ssl does not use a socket BIO (OpenSSL's support for talking directly to a socket); all output from mod_ssl goes through the output filter chain so it can be interpreted/intercepted/handled elsewhere in the server.
Does mod_ssl fail in this configuration or not with 2.4.53? If it fails please give more logs. If it works but doesn't use KTLS there's probably little we can do about it in mod_ssl.
There are no mod_ssl errors in my environment. I understand that if mod_ssl doesn't use BIO, then openssl's KTLS doesn't work as you said. Thank you for answer.
Thanks for following up. I've adjusted the log messages in r1900309 - since there is not otherwise a bug here I will close this.