Cool, another NC person on this list, howdy from Chapel Hill, we remain
powerless, day 9 and counting, and hope to have it restored today or
tomorrow since Duke finally made it to our little nook out here in the
boonies. A backup generator has allowed this server to remain active.
If server laod with encryption is getting to be a mess, and I'm not sure
what cards AIX might support, you might wish to look into off-loading the
SSL stuff to a dedicated encryption card and move to the open-ssl-engine
code to facillitate that. Others on the list might be able to better
direct you to hardware that will function on an AIX system.
Thanks,
Ron DuFresne
On Thu, 12 Dec 2002, Dale Weaver wrote:
> We are experiencing problems under heavy traffic to our SSL site.
> I have read the FAQ on performance and have decided to switch to
> shmcb caching, but I don't know if that will help the problem.
>
> With about 300 concurrent users the server loads skyrocket and the
> server no longer spawns child processes for CGI scripts. I have the
> Apache 1.3.27 server set up for 4096 concurrent connections and have
> made all the suggested performance tuning measures suggested on the
> Apache site. This problem does not occur on the non-ssl site which
> has significantly more traffic.
>
> Can anyone offer any insight into this problem? Here are my specs:
>
> AIX 4.3.3 Dual Processor F40 w/ 1GB RAM 2GB SWAP
> Apache with mod_ssl (compiled in) 1.3.27-2.8.11
> Openssl 0.9.6g
>
> from http.conf:
> <VirtualHost hostname:443>
>
> DocumentRoot "/usr/local/apache/ssldocs"
> ServerName hostname
> ServerAdmin me
> ErrorLog /usr/local/apache/logs/error_log
> TransferLog /usr/local/apache/logs/access_log
> ScriptAlias /cgi-bin/ "/usr/local/apache/sslcgi/"
>
> SSLEngine on
>
> SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>
> SSLCertificateFile /usr/local/apache/conf/ssl.crt/public.crt
> SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/private.key
> SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/intermediate.crt
> SSLVerifyClient none
> SSLVerifyDepth 10
>
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/usr/local/apache/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /usr/local/apache/logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> </VirtualHost>
>
> Any help is appreciated.
>
> ---------------------------------------------------------------------
> Dale Weaver [EMAIL PROTECTED]
>
>
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
