So I've compiled mod_ssl/apache to include the ssl_experimental, and I am getting this error...

[root@www11-la1 conf]# /u1/httpd/bin/apachectl configtest
Use of uninitialized value at /usr/lib/perl5/site_perl/5.005/i386-linux/PFProAPI.pm line 47.
Syntax error on line 414 of /u1/httpd/conf/httpd.conf:
SSLSessionCache: shared memory cache not useable on this platform

I am running RedHat Linux, apache 1.3.19, modssl 2.8.1, openssl 0.9.6, mm 1.1.3, and mod_perl 1.25.

My compile options are attached, can anyone see what I am missing? Is this platform supported with this option?

Thanks,
max

-----Original Message-----
From: David Rees [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: Which SSLSessionCache to use for best performance?

Hi Max,

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Max Clark
>
> Hi all.
>
> I have been tuning my web farm (for the past 6 months now), and have had the
> typical MSIE SSL issues along the way. I stumbled across a post today
> regarding the SSLSessionCache (my config is below), and my question is which
> session cache will give the best performance for my system?
>
> I need to support every browser possible, and my servers each receive about
> 300K page views a day. I'm running Apache 1.3.17, mod_ssl 2.8.0, openssl
> 0.9.6 on Linux.
>
> I saw a reference for SSL_EXPERIMENTAL as a compile option, can anyone
> explain that to me?
>
> Also, could anyone give me tuning advice for the size of the ssl_cache?

In a basic mod_ssl installation, there is only one session cache available, the "dbm" session cache. This is also the slowest session cache (aside from not having one, of course). It is also known to be unreliable on some platforms.

If you compile the mm library into mod_ssl, this allows you to use a shared memory session cache ("shm" or "shmht").
In my benchmarks (not real world situations) this improved performance by about 30% on the SGI IRIX server I was using.

If you compile the mm library into mod_ssl, and turn on the SSL_EXPERIMENTAL flag during the configuration stage of apache, you get another shared memory cache ("shmcb") which is supposed to be faster and more robust than the standard shared memory cache. This code was donated by the folks at Stronghold (who use mod_ssl in their server) and should be better under load than the standard shared memory cache. I didn't see any performance difference with this cache over the standard "shmht" cache.

FWIW, I've been using the "shmcb" cache in all my servers (various IRIX and Linux machines) with no problems under various light to moderate (1 million hits/day) load.

As for tuning advice for the size of the shared memory cache, it seems that every ssl_session uses right around 140-150 bytes per session. This means that with the default session cache size of 512000 bytes, you can support about 3500 concurrent users before the cache fills up and the server starts expiring sessions early. There is no limit on the number of sessions cached when using the dbm cache.

I usually double the size of the session cache (1024000) and also double the length that a session can be cached for. You'll want to avoid letting the cache get too full (over 75-80%) since the performance of the cache will likely start to drop at that point.

-Dave
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

  o  Apache + mod_ssl/OpenSSL + mod_perl/Perl
     ---------------------------------------

     Steps:

     # extract the packages
     gzip -d -c apache_1.3.x.tar.gz | tar xvf -
     gzip -d -c mod_ssl-2.8.x-1.3.x.tar.gz | tar xvf -
     gzip -d -c mod_perl-1.xx.tar.gz | tar xvf -
     gzip -d -c openssl-0.9.x.tar.gz | tar xvf -
     gzip -d -c mm-1.1.x.tar.gz | tar xvf -

     # configure and build the OpenSSL library
     cd openssl-0.9.x
     sh config
     make
     make test
     cd ..

     # configure and build the Memory Manager
     cd mm-1.1.x
     ./configure --disable-shared
     make
     cd ..

     # apply mod_ssl to Apache source tree
     cd mod_ssl-2.8.x-1.3.x
     ./configure \
         --with-apache=../apache_1.3.x
     cd ..

     # increase the Apache hard server limit from 256 to 1024
     vi apache_1.3.x/src/include/httpd.sh

     # apply mod_perl to Apache source tree
     # and build/install the Perl-side of mod_perl
     cd mod_perl-1.xx
     perl Makefile.PL \
         USE_APACI=1 \
         EVERYTHING=1 \
         SSL_BASE=../openssl-0.9.6 \
         EAPI_MM=../mm-1.1.3 \
         APACHE_PREFIX=/u1/httpd \
         APACI_ARGS='--enable-module=ssl,--enable-rule=SSL_EXPERIMENTAL,--enable-module=rewrite,--enable-module=so,--disable-module=userdir'
     make
     make test
     make install
     cd ..

     # cleanup after work
     rm -rf mod_perl-1.xx
     rm -rf mod_ssl-2.8.x-1.3.x
     rm -rf apache_1.3.x
     rm -rf openssl-0.9.x
     rm -rf mm-1.1.x
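
The cache-sizing rule of thumb from Dave's reply (140-150 bytes per session, stay under 75-80% full), as an added example that is not part of the original thread or of mod_ssl. The traffic figures, the peak factor, the 600-second timeout and the cache file path are constructed assumptions.

```python
import math

BYTES_PER_SESSION = 145       # midpoint of the 140-150 bytes quoted in the reply
DEFAULT_CACHE_BYTES = 512000  # default cache size quoted in the reply
MAX_FILL = 0.75               # lower edge of the 75-80% ceiling from the reply


def capacity(cache_bytes, bytes_per_session=BYTES_PER_SESSION):
    """Sessions that fit before the server starts expiring sessions early."""
    return cache_bytes // bytes_per_session


def resident_sessions(new_sessions_per_day, timeout_s, peak_factor=1):
    """Sessions held at once: arrival rate times cache lifetime.

    peak_factor (an assumption of this example) scales the daily average
    up to the busy-hour rate.
    """
    return math.ceil(new_sessions_per_day * peak_factor * timeout_s / 86400)


def required_bytes(sessions, bytes_per_session=BYTES_PER_SESSION,
                   max_fill=MAX_FILL):
    """Smallest cache size that keeps `sessions` entries under max_fill."""
    return math.ceil(sessions * bytes_per_session / max_fill)


def directive(kind, path, cache_bytes=None):
    """Render the httpd.conf line; the dbm cache takes no size argument."""
    if kind == "dbm":
        return f"SSLSessionCache dbm:{path}"
    if kind not in ("shm", "shmht", "shmcb"):
        raise ValueError(f"unknown session cache type: {kind}")
    return f"SSLSessionCache {kind}:{path}({cache_bytes})"


if __name__ == "__main__":
    # Constructed input: 300K new sessions/day (every page view treated as a
    # new session, the worst case), 600 s timeout, 3x busy-hour factor.
    need = resident_sessions(300000, 600, peak_factor=3)
    size = required_bytes(need)
    print("default cache holds", capacity(DEFAULT_CACHE_BYTES), "sessions")
    print("peak resident sessions:", need, "->", size, "bytes")
    # Path is a placeholder under the /u1/httpd prefix used in the thread.
    print(directive("shmcb", "/u1/httpd/logs/ssl_scache", size))
```

Doubling the session timeout doubles the number of sessions resident at once, so the cache size has to grow with it to stay under the fill ceiling.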