I've been banging my head for a day or so on this. We have a website and when I surf it with Firefox 2.0, I see a bunch of requests, then a large gap when nothing happens, then another bunch of requests, then a gap. I can't think what's different on this setup as to why I can't see other people reporting the same thing. We only noticed it recently, although that's not to say that it wasn't there before. I've gone through all the FAQs and Google searches I can think of :(

This worked okay on Firefox 1.5 (1.5.dfsg+1.5.0.7-2 from Debian), but we've also seen this behaviour on MSIE (7.0 I think). The gaps are as long as KeepAliveTimeout is set to in apache.conf (15sec normally); if I change it to 5 seconds then the gaps also drop to 5 seconds. The file in question is always a flash (.swf) file. The request times I see are like this:

17:22:28
17:22:29
17:22:30
17:22:31
17:22:46
17:23:01
17:23:16
(every 15secs until page is loaded)

The server is Debian stable, completely up to date. I've tried everything I can find:

- SSLRandomSeed was set to urandom (startup) and builtin (connect). I've tried setting this to both urandom and builtin across the board
- I've changed the Sessioncache from dbm to shmcb, shmht, none
- I've removed some external URLs which were occurring and that's not helped at all either.
- I've tried matching the User-Agent and turning off keepalive, all three shutdowns, etc.

Apache - /2.0.54
openssl - 0.9.7e-3sarge4

With info level debugging I'm seeing this:

[Thu Nov 30 10:16:22 2006] [info] (70007)The timeout specified has expired: SSL input filter read failed. (lots!)
....
[Thu Nov 30 17:22:31 2006] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Thu Nov 30 17:22:31 2006] [info] (104)Connection reset by peer: SSL output filter write failed.
[Thu Nov 30 17:22:32 2006] [info] (104)Connection reset by peer: core_output_filter: writing data to the network
[Thu Nov 30 17:22:32 2006] [info] (104)Connection reset by peer: SSL output filter write failed.
[Thu Nov 30 17:22:42 2006] [info] (70014)End of file found: SSL input filter read failed.

Other messages which might explain things are:

[Thu Nov 30 17:22:31 2006] [info] Connection to child 1 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 17:23:23 2006] [info] Connection to child 1 established (server staging.truphone.com:443, client 84.65.175.231)

(no messages about it being shutdown in the middle - done silently in those error messages?)

One last log which is probably a little clearer. I've turned off keepalive, pipelining, set all requests to 1 on the browser:

[Thu Nov 30 18:29:19 2006] [info] Connection to child 6 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
[Thu Nov 30 18:29:19 2006] [info] Connection to child 6 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Connection to child 3 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
[Thu Nov 30 18:29:20 2006] [info] Connection to child 3 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:20 2006] [info] Connection to child 8 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:20 2006] [info] Seeding PRNG with 512 bytes of entropy
<< now the browser sits waiting, no network traffic >>
[Thu Nov 30 18:29:35 2006] [info] Connection to child 8 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:35 2006] [info] Connection to child 1 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:35 2006] [info] Seeding PRNG with 512 bytes of entropy
<< data is transferred, then waiting browser, no traffic >>
[Thu Nov 30 18:29:50 2006] [info] Connection to child 1 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)

So the session seems to be used, but instead of being reused, the browser sits there; eventually the server kills the session and the browser then continues.

Is there a way I can sniff the TLS/SSL traffic? I've tried ssldump but it looks like it only works with certain ciphers.

Any suggestions as to other things to try would be most appreciated!

Many thanks,

Adrian
--
Adrian Bridgett - [EMAIL PROTECTED]
GPG key available on public key servers
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
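
The pairing of "established" and "closed" lines that the message above does by eye can be scripted. This is an added example, not part of the original post: the function names are hypothetical, the log format is assumed to be exactly as quoted in the post, and the 15 second default is the KeepAliveTimeout value the post states.

```python
import re
from datetime import datetime

# Sample input: connection lines excerpted from the last log quoted in the post.
SAMPLE_LOG = """\
[Thu Nov 30 18:29:19 2006] [info] Connection to child 6 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
[Thu Nov 30 18:29:19 2006] [info] Connection to child 6 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:19 2006] [info] Connection to child 3 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:20 2006] [info] Connection to child 3 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:20 2006] [info] Connection to child 8 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:35 2006] [info] Connection to child 8 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:35 2006] [info] Connection to child 1 established (server staging.truphone.com:443, client 81.5.177.202)
[Thu Nov 30 18:29:50 2006] [info] Connection to child 1 closed with standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
"""

# Matches only the mod_ssl connection open/close lines; everything else is skipped.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[info\] Connection to child (?P<child>\d+) "
    r"(?P<event>established|closed)\b.*client (?P<client>[\d.]+)\)"
)

def connection_lifetimes(log_text):
    """Return (child, client, seconds_open) for each established/closed pair."""
    open_conns, results = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (int(m["child"]), m["client"])
        if m["event"] == "established":
            open_conns[key] = ts  # a re-established slot overwrites a stale entry
        elif key in open_conns:
            seconds = int((ts - open_conns.pop(key)).total_seconds())
            results.append((key[0], key[1], seconds))
    return results

def stalled(lifetimes, expected_timeout=15, slack=1):
    """Connections that stayed open for about the server-side timeout."""
    return [r for r in lifetimes if abs(r[2] - expected_timeout) <= slack]

if __name__ == "__main__":
    for child, client, secs in stalled(connection_lifetimes(SAMPLE_LOG)):
        print(f"child {child} client {client} open {secs}s (matches timeout)")
```

Changing `expected_timeout` to 5 checks the same correlation after lowering KeepAliveTimeout as described in the post.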