Bug 57511 - Opening plain TCP Socket on SSL port causes denial of new connections
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mpm_winnt
Version: 2.4.10
Hardware: PC All
Importance: P2 major
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2015-01-28 18:33 UTC by Matt Hauck
Modified: 2015-01-28 18:33 UTC
Description Matt Hauck 2015-01-28 18:33:54 UTC
Found this problem the other day. Could very easily lead to a denial of service on any Windows Apache instance using SSL.

Problem:
1. Configure httpd with an SSL-enabled port
2. Open a browser to some page over SSL
3. Open a plain TCP client socket to that port
4. Refresh the browser and notice it hangs until the plain TCP client socket is closed. 

This is true whether the browser is on the same machine as the plain TCP client socket, or whether the browser is located somewhere else entirely. 

To be clear, in this situation, it is only HTTP traffic that is hung. If I try to open new TCP connections when httpd is in this state, they complete successfully. But HTTP requests do not receive any response, apparently waiting for httpd to service them; httpd is presumably blocking and waiting for an SSL handshake or something.

I was only able to reproduce this on Windows. I tried this against a Linux box set up with the worker MPM (seems closest conceptually to the winnt MPM), and it did not hang in the same way the Windows implementation did, so I assume the problem is there.

Note: this appears to be a different issue from bug #37791, since there is no segfault / crash.