Edit report at http://bugs.php.net/bug.php?id=41631&edit=1
ID: 41631
Comment by: jason at kapoks dot co dot uk
Reported by: david at acz dot org
Summary: default_socket_timeout does not work with SSL
Status: Assigned
Type: Bug
Package: OpenSSL related
Operating System: *
PHP Version: 5.2.11
Assigned To: pajoye
New Comment:
Had this issue over the weekend with 5.2.10.
Essentially this means our entire service is vulnerable to Denial of
Service.
Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT
2009 i686 i686 i386 GNU/Linux
CentOS release 5.3 (Final)
PHP 5.2.10 (cli) (built: Jun 21 2009 11:10:43)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend
Technologies
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend
Technologies
Previous Comments:
------------------------------------------------------------------------
[2010-01-18 19:16:42] wdierkes at 5dollarwhitebox dot org
This is also reproducible on 5.2.12 as described. As mentioned
previously, this has the potential to have major effects (Denial of
Service, etc.) due to processes hanging and never timing out.
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
# php -v
PHP 5.2.12 (cli) (built: Dec 17 2009 12:23:35)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
# uname -a
Linux linux 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64
x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------
[2009-10-16 20:14:25] arkadi dot shishlov at gmail dot com
At least it would be helpful to set TCP keep-alive on the socket so the OS could
time it out eventually; otherwise there are connections stuck for days.
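
The keep-alive suggestion in the comment above, sketched at the socket level as an added example (not part of the original comment and not PHP's own code). It assumes Linux option names; `ka_policy`, `ka_enable`, `ka_read` and the 60/10/3 values are hypothetical.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical policy struct for this example; idle and intvl are in seconds. */
struct ka_policy { int idle; int intvl; int cnt; };

/* Approximate time until the kernel drops a peer that has gone silent. */
static int ka_worst_case_secs(const struct ka_policy *p)
{
    return p->idle + p->intvl * p->cnt;
}

/* Turn on keep-alive with per-socket timers (Linux option names).
 * Returns 0 on success, -1 if any setsockopt() call fails. */
static int ka_enable(int fd, const struct ka_policy *p)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &p->idle, sizeof p->idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &p->intvl, sizeof p->intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &p->cnt, sizeof p->cnt) < 0)
        return -1;
    return 0;
}

/* Read the effective settings back so the caller can verify them. */
static int ka_read(int fd, int *on, struct ka_policy *out)
{
    socklen_t n = sizeof(int);
    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, on, &n) < 0) return -1;
    n = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &out->idle, &n) < 0) return -1;
    n = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &out->intvl, &n) < 0) return -1;
    n = sizeof(int);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &out->cnt, &n) < 0) return -1;
    return 0;
}

int main(void)
{
    struct ka_policy want = { 60, 10, 3 }, got; /* constructed sample values */
    int on = 0, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || ka_enable(fd, &want) < 0 || ka_read(fd, &on, &got) < 0) return 1;
    printf("keepalive=%d, silent peer dropped after ~%ds\n", on != 0, ka_worst_case_secs(&got));
    close(fd);
    return 0;
}
```

Keep-alive only removes peers that stop acknowledging probes; a peer that stays reachable but never sends data still needs a read timeout.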
------------------------------------------------------------------------
[2009-09-24 19:30:14] [email protected]
Bug #48524 depends on this fix
(http://bugs.php.net/bug.php?id=48524&edit=1).
I wish the bug tracking system allowed us to close a bug as a
duplicate of another. Then we could close 48524 as a dup of this (41631).
This can also trigger the internal score for this bug to be increased
(helping to set priority, etc.).
------------------------------------------------------------------------
[2009-09-18 10:10:02] marcin at php4u dot co dot uk
Still can reproduce on Windows XP SP3, PHP 5.2.6.
While connecting to https, the script doesn't time out.
------------------------------------------------------------------------
[2009-07-22 03:24:17] vergara_rh at yahoo dot com
I would greatly appreciate it if this bug were fixed.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=41631