| Summary: | Errors during SSL handshake | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Brendon Matthews <brendonm> |
| Component: | mod_ssl | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | REOPENED --- | | |
| Severity: | blocker | CC: | szg0000 |
| Priority: | P2 | | |
| Version: | 2.2.4 | | |
| Target Milestone: | --- | | |
| Hardware: | Sun | | |
| OS: | OpenBSD | | |

Description
Brendon Matthews
2008-02-27 18:09:44 UTC
I have just implemented the workaround suggested in bug 43218, but the problem still persists. But from the looks of it, this could be related.

It looks like it's only happening when 2 or more requests come in at around the same time, suggesting some kind of synchronization issue between requests? I wondered if perhaps it was something to do with the SSL Session Cache:

    SSLSessionCache shm:logs/ssl_scache(512000)

Once Apache is started I can see the following in the logs:

    [Fri Feb 29 09:04:29 2008] [info] Shared memory session cache initialised

However, it looks like the shared memory file is never created. There is no file named ssl_scache in my logs directory, and there are no shared memory segments showing up either:

    # ipcs
    Message Queues:
    T ID KEY MODE OWNER GROUP

    Shared Memory:
    T ID KEY MODE OWNER GROUP

    Semaphores:
    T ID KEY MODE OWNER GROUP

Whatever value I use for SSLSessionCache appears to make no difference to the stability of the server. I get the same sort of problem with the SSLMutex directive:

    SSLMutex file:logs/ssl_mutex

No file is ever created.

I hope all this helps.

Please give a minimal configuration which reproduces this error.

Configs are as follows:

    <VirtualHost *:80>
        DocumentRoot "/var/apache2/htdocs"
        ServerName default.myhost.com
        ServerAdmin me@something.com
    </VirtualHost>

    <VirtualHost 192.168.1.16:443>
        DocumentRoot /var/web/test
        ServerName test.myhost.com
        ServerAdmin me@something.com
        SSLEngine on
        SSLCertificateFile /etc/apache2/server.crt
        SSLCertificateKeyFile /etc/apache2/server.key
        CustomLog logs/testsite.ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive \
            ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

    <VirtualHost 192.168.1.16:40002>
        DocumentRoot /var/web/test2
        ServerName test2.myhost.com
        ServerAdmin me@something.com
        SSLEngine on
        SSLCertificateFile /etc/apache2/server2.crt
        SSLCertificateKeyFile /etc/apache2/server2.key
        CustomLog logs/testsite2.ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive \
            ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

    <VirtualHost 192.168.1.16:40003>
        DocumentRoot /var/web/test3
        ServerName test3.myhost.com
        ServerAdmin me@something.com
        SSLEngine on
        SSLCertificateFile /etc/apache2/server3.crt
        SSLCertificateKeyFile /etc/apache2/server3.key
        CustomLog logs/testsite3.ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive \
            ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    </VirtualHost>

NOTE: I get the same results when I configure 3 different IP addresses using port 443, but this is an easier configuration to test.

*** This bug has been marked as a duplicate of bug 2 ***

Reopen if still an issue.