On Mon, 2020-10-19 at 11:45 +0200, Sebastian Parschauer wrote:
Hi,
I've reported issues in SSL handling before which cause tools to hang and cause port 443 RSTs in the tcpdump. Since 2017 I maintain a custom osc SSL patch/fix package. Leap 15.0 didn't even install without a libcurl fix for zypper. But my patches fixing SSL handling in those tools haven't been accepted although they are correct.
After the upgrade to Leap 15.2, I had so unfortunate timing with my fast LAN/cable modem based internet connection that Firefox and Chromium couldn't load any tabs any more (all of them hanging in SSL handling). I've removed the ad blocker and Firefox didn't even start any more. I've executed "firefox -d gdb" and noticed that it crashes with a SEGFAULT in SSL handling at startup. Then I wanted to write this email and I noticed that Thunderbird was not able to download any email and the email window where I started writing crashed.
My employer forces me to use Chromium/Chrome due to the need for a special plugin. So I've installed the Epiphany browser to download latest Chrome. That one is really fast in loading https websites. I tested latest Chrome and that one is also not able to load any HTTPS website tab. Also RSTs in the tcpdump. So Leap 15.2 is unusable for me. I've rolled back to the full disk backup before upgrading.
I cannot fix SSL handling in three complex tools at once all by myself. For me it looks like I have to reinstall a distro as a workaround and I would choose Ubuntu as I can easily skip a faulty release there and can stay longer on a proper one. Using wireless connections with unpredictable high latency and harmful pulsed microwave radiation as a workaround is no option for me.
Any chance to extend Leap 15.1 support until 15.3 release?
openSUSE Leap 15.1 had release interlock where we've agreed on resources and lifecycle from openSUSE Leap 15.1 with the maintenance team. Both Leap 15.1 and Leap 15.2 follows the standard rule as described on https://en.opensuse.org/Lifetime Leap 15.3 did not go through interlock yet, therefore the maintenance plan is still an open topic. Unfortunately, Leap doesn't have the resources to provide such a service. If the 15.1 code stream is business-critical to you then I suggest you migrate to SLE 15 SP1. The fear of differences is something that 15.2 and 15.3 releases are trying to address.
IMHO an SSL stability initiative is required - even independent of vendors. If anybody else noticed slow browser tabs, slow https file downloads, slow email downloads, or plain hanging, then I'd be glad to team up to join forces against SSL network state machine violations.
Cheers, Sebastian -- Best regards
Luboš Kocman Release Manager openSUSE Leap SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer