Bug 57511

Summary: Opening plain TCP Socket on SSL port causes denial of new connections
Product: Apache httpd-2
Reporter: Matt Hauck <matthauck>
Component: mpm_winnt
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: major    
Priority: P2    
Version: 2.4.10   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Matt Hauck 2015-01-28 18:33:54 UTC
Found this problem the other day. Could very easily lead to a denial of service on any Windows Apache instance using SSL.

1. Configure httpd with an SSL-enabled port
2. Open a browser to some page over SSL
3. Open a plain TCP client socket to that port
4. Refresh the browser and notice it hangs until the plain TCP client socket is closed. 

This is true whether the browser is on the same machine as the plain TCP client socket, or whether the browser is located somewhere else entirely. 

To be clear, in this situation, it is only HTTP traffic that is hung. If I try to open new TCP connections when httpd is in this state, they complete successfully. But HTTP requests do not receive any response, apparently waiting for httpd to service them; httpd is presumably blocking and waiting for an SSL handshake or something.

I was only able to reproduce this on Windows. I tried this against a Linux box set up with the worker MPM (seems closest conceptually to the winnt MPM), and it did not hang in the same way the Windows implementation did, so I assume the problem is there.

Note: this appears to be a different issue from bug #37791, since there is no segfault / crash.