http://www.rtfm.com/ssldump/
Or another possibility altogether... I had a problem which looked similar to this which was some solaris specific mutex bug which meant that child processes did not get released properly after certain types of SSL connections - this was fixed only with rev 1.3.24, and also by adding 'AcceptMutex pthread' to the config file.
Alex Kotov wrote:
I've seen strange problems with IE5, too, but these connections have "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; DigExt)" as User-Agent. Unfortunately, changing tcp keepalive setting is not an option for us.I don't know all the intricacies of SSL handshake, but it looks like it starts by the server trying to read 11 bytes from the client, and this is where mod_ssl may wait for a long time without checking for a timeout. Could someone point me to the place in the code where this read happens? I would hate to switch to stronghold :( Thanks, - Alex On Mon, 24 Jun 2002, Andy Osborne wrote:I've seen this happen sometimes on our SSL servers (which do quite a lot of traffic). A quick search of the logs for recent connections from the same address always shows the client as IE5.0 - which is known to be broken. The connections seem to stall in the SSL negotiation and get killed off but our rather intolerant tcp keepalive settings. I've never found a real answer to the problem. Andy Alex Kotov wrote:Hi Cliff, Thanks for your response. I'm using SSLRandomSeed startup builtin SSLRandomSeed connect builtin and 5 is definitely the file descriptor for the network connection. Is there anything else I should check? Thanks, - Alex On Mon, 24 Jun 2002, Cliff Woolley wrote:On Sun, 23 Jun 2002, Alex Kotov wrote:After a while the server processes become stuck while waiting for the data from a socket. Running strace on a hung process produces read(5, for a long time, eventually followed by read(5, 0x959d2d8, 11) = -1 ETIMEDOUT (Connection timed out)Are you sure that file descriptor 5 is the connection to the client? What SSLRandomSeed are you using? This sounds like one of those /dev/random not-enough-entropy problems to me. --Cliff ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]-- Andy Osborne **************** "Vertical B2B Communities" Senior Internet Engineer Sift Group 100 Victoria Street, Bristol BS1 6HZ tel:+44 117 915 9600 fax:+44 117 915 9630 http://www.sift.co.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
