Am 01.10.2015 um 15:08 schrieb Reindl Harald:
Am 01.10.2015 um 14:53 schrieb Plüm, Rüdiger, Vodafone Group:not really, i had the error message just now again in FF, the difference was that now a "try again" loaded the page but with "SSLStaplingReturnResponderErrors" i would expect it invisible to clients in general - GoDaddy seems to have massive problems with their responders the last days and the defaults with stapling enabled make them to a perfect DOS target [Thu Oct 01 13:33:01.179365 2015] [ssl:error] [pid 19312] [client 10.0.0.99:37860] AH01980: bad response from OCSP server: (none) [Thu Oct 01 13:33:01.179393 2015] [ssl:error] [pid 19312] AH01941: stapling_renew_response: responder error SSLStaplingCache shmcb:/var/cache/mod_ssl/ocsp_cache(1048576) SSLStaplingStandardCacheTimeout 86400 SSLStaplingErrorCacheTimeout 300 SSLStaplingReturnResponderErrors OffWhat happens if you set SSLStaplingFakeTryLater off in addition?i added that now and will have a look over the serverlogs, it's not happening all the time but very often and so if the logs are clear within 24 hours the problem is likely solved
looks not that good - "Connection reset by peer" indicates a failed client request, the other lines could be just internal
[Thu Oct 01 15:15:01.495986 2015] [ssl:error] [pid 17468] (104)Connection reset by peer: [client 81.223.20.5:55156] AH01977: failed reading line from OCSP server [Thu Oct 01 15:15:01.496037 2015] [ssl:error] [pid 17468] [client 81.223.20.5:55156] AH01980: bad response from OCSP server: (none) [Thu Oct 01 15:15:01.496057 2015] [ssl:error] [pid 17468] AH01941: stapling_renew_response: responder error
signature.asc
Description: OpenPGP digital signature
