On 2010/10/18 02:09, p...@cvs.openbsd.org wrote:
> Synopsis: relayd check https - ssl read timeout
>
> State-Changed-From-To: open->closed
> State-Changed-By: pyr
> State-Changed-When: Mon Oct 18 02:08:14 MDT 2010
> State-Changed-Why:
> This is not a bug, the default timeout is 200ms which is
> a bit short for https sessions, the timeout should be
> set when checking https sessions.

If this is not a bug then it's an omission from the manual. So how should we handle it? Something like this? Index: relayd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v retrieving revision 1.114 diff -u -p -r1.114 relayd.conf.5 --- relayd.conf.5 1 Aug 2010 22:18:35 -0000 1.114 +++ relayd.conf.5 18 Oct 2010 08:25:13 -0000 @@ -268,6 +268,11 @@ HTTP/1.1 200 OK .Ic code Ar number .Xc This has the same effect as above but wraps the HTTP request in SSL. +The value of +.Ic timeout +should be increased above the default if +.Ic check https +is used. .It Xo .Ic check http Ar path .Op Ic host Ar hostname As far as I can tell this has to be done globally at present. The manual talks about a per-table timeout but the only place it's accepted is in tablespec (e.g. 'forward to <foo> timeout 500 check https "/" code 200') and this doesn't seem to change anything.
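
Review bot: The sentence added under "check https" in relayd.conf.5 tells the reader to raise ".Ic timeout" "above the default" but says neither what the default is nor which timeout is meant. The closure message quoted above gives the default as 200ms, and the text following the patch says the value currently only takes effect when set globally, so the wording could state the 200ms figure and point to the global timeout option rather than leaving the reader to try the per-table "timeout" in a tablespec, which is reported here as having no effect. If the per-table form is supposed to work, that is a separate issue from this manual change and is worth tracking on its own, so the page does not end up documenting around it.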