Skip to content

Tests: Adding split coverage for http and stream for ssl-handshake-rtt#40

Open
MozerBYU wants to merge 2 commits into
nginx:masterfrom
MozerBYU:ssl-handshake-rtt-tests
Open

Tests: Adding split coverage for http and stream for ssl-handshake-rtt#40
MozerBYU wants to merge 2 commits into
nginx:masterfrom
MozerBYU:ssl-handshake-rtt-tests

Conversation

@MozerBYU
Copy link
Copy Markdown

@MozerBYU MozerBYU commented Mar 27, 2026
edited
Loading

Proposed changes

The following are regression tests for ssl-handshake-rtt. See Nginx PR: nginx/nginx#1225. These ensure that the proposed ssl-handshake-rtt variable code additions to ngx_http_ssl_module.c, ngx_event_openssl.c and ngx_stream_ssl_module.c behaves as expected in the following test cases:

  • Installed/utilized OpenSSL < 3.2: as OpenSSL 3.2+ is required for this new functionality to work, the guard in the code in ngx_event_openssl.c takes care of error handling such that code execution is prohibited unless the required OpenSSL version is met. For any logged Nginx ssl-handshake-rtt variable data it will have an empty value.
  • Installed/utilized OpenSSL >= 3.2: in this case the code execution will proceed past the guard and the SSL_get_handshake_rtt function will be called returning a value in microseconds (μs).
  • TLS < 1.2 is employed: in this case downstream OpenSSL will take care of the error handling, and a 0 value is returned by SSL_get_handshake_rtt. For any logged Nginx ssl-handshake-rtt variable data it will have an empty value.
  • OpenSSL Internal error or unable to calculate TLS RTT: in this case downstream OpenSSL is configured such that a 0 value is returned by SSL_get_handshake_rtt. For any logged Nginx ssl-handshake-rtt variable data it will have an empty value.

Tested systems

Alpine 3.18, Alpine 3.23.3, Debian 12.10, Debian 13, Fedora 40, Kali Linux 2026.1, RedHat Enterprise Linux 10.1, Rocky Linux 8.9/8.10, Rocky Linux 9.3/9.8, Rocky Linux 10.1, Ubuntu 24.04, Ubuntu 25.10, Ubuntu 26.04.

Note: due to local environmental setup problems Alma Linux 9, Alma Linux 10.1, FreeBSD 10, Windows Server 2019 Standard were attempted, but not tested.

Checklist

Before creating a PR, run through this checklist and mark each as complete:

  • [✅] I have read the contributing guidelines.
  • [✅] I have signed the F5 Contributor License Agreement (CLA).
  • [✅] If applicable, I have added tests that prove my fix is effective or that my feature works.
  • [✅] If applicable, I have checked that any relevant tests pass after adding my changes.
  • [✅] I have updated any relevant documentation (README.md and/or CHANGELOG.md).
    -> Note: did not see anything to update in README.md, and did not see a CHANGELOG.md to modify.

@MozerBYU MozerBYU changed the title Ssl handshake rtt tests Tests: Adding split coverage for http and stream for ssl-handshake-rtt Mar 27, 2026
@MozerBYU MozerBYU mentioned this pull request Mar 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MozerBYU