I've sussed the problem, and thought I'd feed the result back, in case someone else is similarly stumped. Issue 1: I removed gdbm from the apache build, and got 'mm' added. This resolved (by me simple guessing analysis) about 5-10 % of the cache misses. Possible gdbm on my box has issues? I didn't have mm as when I last did a build there was some compile issue I never followed up...? Issue 2: This was the killer - MSIE clients were getting asked for their certs every couple of minutes, forcing them to switch security down low. Some reseach showed up doument q265369 on support.microsoft.com. The gist of the article is that SSL negotiation has been screwed in IE5, 5.01, 5.01SP1, 5.5 on windows NT. Renegotiation timing is set to 2 minutes by default in these versions. Doing the registry change from the doco appears to have removed the issue from my test systems. L8r, ##Previously sam_campbell wrote: Hi, (This time I might remember to set a subject field....) I am runing Apache/1.3.12 mod_ssl/2.6.6 OpenSSL/0.9.5a) running on 64bit HPUX 11.00. I continue to have issues with session caching. I have logging below that shows the behaviour. Basically it shows a session (SET) and a MISS about a minute later. All I can see is the pid's of the threads are different, so it apears that one of the threads cannot get a session from the gdbm database (?). I am using gdbm 1.8 if this is relevent. a grep on MISSED in the logs show that all httpd threads have MISSED the cache at some stage. I've noticed that the protocol used (sslv3/tls) doesn't appear to have a bearing on the gdbm misses. Because we are using user certs, this is making the access to the website unpleasant (to say the least :) Any ideas?? Here are the logs, (note all are within 1 minute - I've removed the times to make it more legible. [ 04452] [trace] Certificate Verification: depth: 3, subject: /O=xxx [ 04452] [trace] Certificate Verification: depth: 2, subject: /C=xxx [ 04452] [trace] Certificate Verification: depth: 1, subject: /C=xxx [ 04452] [trace] Certificate Verification: depth: 0, subject: /C=xxxTEST2/Email=xxx@workcover. [ 04452] [trace] OpenSSL: Loop: SSLv3 read client certificate A [ 04452] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [ 04452] [trace] OpenSSL: Loop: SSLv3 read certificate verify A [ 04452] [trace] OpenSSL: Loop: SSLv3 read finished A [ 04452] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [ 04452] [trace] OpenSSL: Loop: SSLv3 write finished A [ 04452] [trace] OpenSSL: Loop: SSLv3 flush data [ 04452] [trace] Inter-Process Session Cache: request=SET status=OK id=4259EB615AAD42EC44217EC51E5EB76EE703B9D7F0042BA6BE81311C453AF43E timeout=3582s (session caching) [ 04452] [trace] OpenSSL: Handshake: done [ 04452] [info] Connection: Client IP: 172.20.11.220, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits) [ 04452] [info] Initial (No.1) HTTPS request received for child 9 (server aaa.com:443) ...snip... logs not needed anymore ...snip... ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
