Full_Name: Jason Terry
Version: mod_ssl/2.8.5
OS: RedHat Linux 7.2 (fully up2dated)
Submission from: (NULL) (207.173.85.120)


Please note I have read up on this to try to find the problem, and all the fixes
labeled on the message archives do not work.

I have tried
SSLSessionCache         shmcb:/usr/local/apache/logs/ssl_scache(512000)
SSLSessionCacheTimeout  600
SSLCipherSuite          ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SetEnvIf User-Agent ".*MSIE.*"  "nokeepalive" "ssl-unclean-shutdown" "downgrade-1.0" "force-response-1.0"

When I turned on trace for the cipher engine I received
[17/Dec/2001 15:33:08 11905] [info] Connection to child 6 established (server www.cartmanager.net:443, client 66.91.21.92)
[17/Dec/2001 15:33:08 11905] [info] Seeding PRNG with 2184 bytes of entropy
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Handshake: start
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: before/accept initialization
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: read 11/11 bytes from BIO#092E12D8 [mem: 09A1F068] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: read 43/43 bytes from BIO#092E12D8 [mem: 09A1F073] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 read client hello A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 write server hello A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 write certificate A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 write server done A
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: write 712/712 bytes to BIO#092E12D8 [mem: 099E78B0] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 flush data
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: I/O error, 5 bytes expected to read on BIO#092E12D8 [mem: 09A1F068]
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
[17/Dec/2001 15:33:08 11905] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[17/Dec/2001 15:33:08 11905] [error] System: Connection reset by peer (errno: 104)


I have noticed that it always fails in the same place with either a
5 bytes expected to read (for SSLv3)
or
2 bytes expected to read (for SSLv2)

This seems to be a somewhat sporadic event happening about 1 in 500
connections... if the person presses reload repeatedly, the page will eventually
display.  However, obviously not all users will press reload until it works....

Any ideas on how to correct this problem would be appreciated... I have seen it
in both SSLv2 and SSLv3 connections.

And, if needed I can get a complete debug dump of a connection.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
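
A log-triage sketch for the failure pattern reported in the message above, added here as an example and not part of the original post or of mod_ssl: it groups trace lines per connection by PID and counts failures by handshake state, bytes expected and errno, so the failure rate can be measured rather than estimated. The sample log is constructed (documentation addresses, wrapped lines rejoined) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the mod_ssl log layout quoted in the post.
SAMPLE = """\
[17/Dec/2001 15:33:08 11905] [info] Connection to child 6 established (server www.example.test:443, client 192.0.2.10)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 flush data
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: I/O error, 5 bytes expected to read on BIO#092E12D8 [mem: 09A1F068]
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
[17/Dec/2001 15:33:08 11905] [error] System: Connection reset by peer (errno: 104)
[17/Dec/2001 15:33:09 11906] [info] Connection to child 7 established (server www.example.test:443, client 192.0.2.11)
[17/Dec/2001 15:33:09 11906] [trace] OpenSSL: Handshake: done
"""

# An SSLv3/TLS record header is 5 bytes and the short SSLv2 record header is 2,
# so "N bytes expected" means the server was waiting for the client's next record.
LINE = re.compile(r"^\[(?P<ts>[^\]]+) (?P<pid>\d+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
CONNECT = re.compile(r"Connection to child \d+ established \(server (\S+), client ([\d.]+)\)")
SHORT_READ = re.compile(r"I/O error, (\d+) bytes expected to read")
EXIT_ERR = re.compile(r"OpenSSL: Exit: error in (.+)$")
ERRNO = re.compile(r"System: .*\(errno: (\d+)\)")

def parse(text):
    """Return one record per connection; lines are attributed by child PID."""
    conns, live = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # BIO dump bodies and other non-prefixed lines
        pid, msg = m["pid"], m["msg"]
        if c := CONNECT.search(msg):  # a new connection replaces the PID's old one
            live[pid] = {"pid": pid, "start": m["ts"], "client": c[2],
                         "expected": None, "state": None, "errno": None}
            conns.append(live[pid])
        elif pid in live:
            conn = live[pid]
            if s := SHORT_READ.search(msg):
                conn["expected"] = int(s[1])
            elif e := EXIT_ERR.search(msg):
                conn["state"] = e[1]
            elif n := ERRNO.search(msg):
                conn["errno"] = int(n[1])
    return conns

def summarize(conns):
    """Count failed handshakes and group them by (state, bytes expected, errno)."""
    failed = [c for c in conns if c["state"]]
    sigs = Counter((c["state"], c["expected"], c["errno"]) for c in failed)
    return {"connections": len(conns), "failed": len(failed), "signatures": sigs}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Grouping the failed records by `client` or by User-Agent from the access log is a natural next step to see whether the resets cluster on particular browsers.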