Hi, On Mon, Oct 19, 2020 at 11:45:51AM +0200, Sebastian Parschauer wrote:
Hi,
I've reported issues in SSL handling before which cause tools to hang and cause port 443 RSTs in the tcpdump. Since 2017 I maintain a custom osc SSL patch/fix package. Leap 15.0 didn't even install without a libcurl fix for zypper. But my patches fixing SSL handling in those tools haven't been accepted although they are correct.
After the upgrade to Leap 15.2, I had so unfortunate timing with my fast LAN/cable modem based internet connection that Firefox and Chromium couldn't load any tabs any more (all of them hanging in SSL handling). I've removed the ad blocker and Firefox didn't even start any more. I've executed "firefox -d gdb" and noticed that it crashes with a SEGFAULT in SSL handling at startup. Then I wanted to write this email and I noticed that Thunderbird was not able to download any email and the email window where I started writing crashed.
My employer forces me to use Chromium/Chrome due to the need for a special plugin. So I've installed the Epiphany browser to download latest Chrome. That one is really fast in loading https websites. I tested latest Chrome and that one is also not able to load any HTTPS website tab. Also RSTs in the tcpdump. So Leap 15.2 is unusable for me. I've rolled back to the full disk backup before upgrading.
I cannot fix SSL handling in three complex tools at once all by myself. For me it looks like I have to reinstall a distro as a workaround and I would choose Ubuntu as I can easily skip a faulty release there and can stay longer on a proper one. Using wireless connections with unpredictable high latency and harmful pulsed microwave radiation as a workaround is no option for me.
Any chance to extend Leap 15.1 support until 15.3 release?
IMHO an SSL stability initiative is required - even independent of vendors. If anybody else noticed slow browser tabs, slow https file downloads, slow email downloads, or plain hanging, then I'd be glad to team up to join forces against SSL network state machine violations.
To be very frank, what you are describing sounds like your employeer or Internet provider deploys a SSL man-in-the-middle proxy which is not fully standards compliant and causes troubles. Is this assumption correct? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org