I am using a RedHat 7.2 with
Server Version: Apache/1.3.22 (Unix) PHP/4.0.6
mod_perl/1.26 mod_ssl/2.8.5 OpenSSL/0.9.6b
For at least a year we have been getting complaints
about people getting "Page cannot be displayed" when using IE. We have
tried disabling certain ciphers, and disabling keep alive to no
avail.
I have read MANY openssl, modssl and apache
suggestions on how to prevent this problem and none have worked.
When I turn on trace for the cipher engine I
received
[17/Dec/2001 15:33:08 11905] [info] Connection to child 6
established (server www.cartmanager.net:443, client 66.91.21.92)
[17/Dec/2001 15:33:08 11905] [info] Seeding PRNG with 2184
bytes of entropy
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Handshake:
start
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop:
before/accept initialization
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: read 11/11 bytes
from BIO#092E12D8 [mem: 09A1F068] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: read 43/43 bytes
from BIO#092E12D8 [mem: 09A1F073] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 read
client hello A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3
write server hello A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3
write certificate A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3
write server done A
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: write 712/712
bytes to BIO#092E12D8 [mem: 099E78B0] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3
flush data
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: I/O error, 5
bytes expected to read on BIO#092E12D8 [mem: 09A1F068]
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in
SSLv3 read client certificate A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in
SSLv3 read client certificate A
[17/Dec/2001 15:33:08 11905] [error] SSL handshake interrupted
by system [Hint: Stop button pressed in browser?!] (System error
follows)
[17/Dec/2001 15:33:08 11905] [error] System: Connection reset
by peer (errno: 104)
I have notice that it always fails in the
same place with either a
5 bytes expected to read
or
2 bytes expected to read
This seems to be a somewhat sporadic event... if
the person presses reload repeatedly, the page will eventually display.
However, obviously not all users will press reload until it
works....
Any ideas on how to correct this problem would be
appreciated... I have seen it in both SSLv2 and SSLv3 connections.
And, if needed I can get a complete debug dump of a
connection.
Thanks in advance.
-Jason
|
- Re: OpenSSL I/O error causing "Page can... Pierre Carette
- RE: OpenSSL I/O error causing "Page cannot ... Aaron Gee
- RE: OpenSSL I/O error causing "Page can... Bryan Field-Elliot
- RE: OpenSSL I/O error causing "Page... Aaron Gee
- Re: OpenSSL I/O error causing "... Jason
- Re: OpenSSL I/O error causing "... Robin P. Blanchard
- RE: OpenSSL I/O error causing "Page... Rajidhar Etta
- How to debug an https connection Pierre Carette
- RE: How to debug an https connection Thomas Porter, Ph.D.
- Jason