I've seen strange problems with IE5, too, but these connections have "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt)" as User-Agent. Unfortunately, changing tcp keepalive setting is not an option for us.
I don't know all the intricacies of SSL handshake, but it looks like it starts by the server trying to read 11 bytes from the client, and this is where mod_ssl may wait for a long time without checking for a timeout. Could someone point me to the place in the code where this read happens? I would hate to switch to stronghold :( Thanks, - Alex On Mon, 24 Jun 2002, Andy Osborne wrote: > I've seen this happen sometimes on our SSL servers (which do > quite a lot of traffic). A quick search of the logs for > recent connections from the same address always shows the > client as IE5.0 - which is known to be broken. The connections > seem to stall in the SSL negotiation and get killed off > but our rather intolerant tcp keepalive settings. I've never > found a real answer to the problem. > > Andy > > Alex Kotov wrote: > > > Hi Cliff, > > > > Thanks for your response. > > > > I'm using > > > > SSLRandomSeed startup builtin > > SSLRandomSeed connect builtin > > > > and 5 is definitely the file descriptor for the network connection. > > > > Is there anything else I should check? > > > > Thanks, > > - Alex > > > > > > On Mon, 24 Jun 2002, Cliff Woolley wrote: > > > > > >>On Sun, 23 Jun 2002, Alex Kotov wrote: > >> > >> > >>>After a while the server processes become stuck while waiting for > >>>the data from a socket. > >>>Running strace on a hung process produces > >>>read(5, > >>>for a long time, eventually followed by > >>>read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out) > >>> > >>Are you sure that file descriptor 5 is the connection to the client? > >> > >>What SSLRandomSeed are you using? This sounds like one of those > >>/dev/random not-enough-entropy problems to me. > >> > >>--Cliff > >> > >> > >>______________________________________________________________________ > >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >>User Support Mailing List [EMAIL PROTECTED] > >>Automated List Manager [EMAIL PROTECTED] > >> > >> > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > > > > -- > Andy Osborne **************** "Vertical B2B Communities" > Senior Internet Engineer > Sift Group 100 Victoria Street, Bristol BS1 6HZ > tel:+44 117 915 9600 fax:+44 117 915 9630 http://www.sift.co.uk > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
