This kind of problem is notoriously difficult to reproduce and will require an extensive code review on my part to identify where the problem may be occurring. It is possible that I am doing/not doing something in the code that is contributing to this. I'll see if I can track down the problem, but it may have to wait a few weeks as I have other work in front of this.
/s.
On Nov 12, 2003, at 10:39 PM, William Scott Jordan wrote:
Hello everybody!
I'm having some trouble with ns_openssl. At least I suspect that it's an ns_openssl issue, since I've only had complaints about this problem on secure pages. Here's what's happening: At random intervals, I'm getting generic "unable to load page" errors. Like I said, It only happens on secure pages, and it seems to only occur with IE (but I'm not 100% sure on that). The part that has me confused is that it doesn't leave any message at all in the logs. Even the ns_log log doesn't show an attempted hit. Naturally, I can't reproduce the problem, and when it does happen, hitting reload doesn't cause it to happen a second time. Based on the traffic to the site and the number of complaints, I'm guessing that it's happening once out of every 100 or so page views.
I've tried ns_openssl 1.1c and 2.1a and the problem occurs with both. As for the rest of the system, I'm running OpenSSL v0.9.7c on Redhat 7.3 with AOLserver 3.5.6, and my configuration for ns_openssl looks like this:
# NSD-driven connections: ns_param ServerPort $httpsport ns_param ServerHostname $host ns_param ServerAddress $address ns_param ServerCertFile certfile.pem ns_param ServerKeyFile keyfile.pem ns_param ServerProtocols "SSLv2, SSLv3, TLSv1" ns_param ServerCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ns_param ServerSessionCache true ns_param ServerSessionCacheID 1 ns_param ServerSessionCacheSize 512 ns_param ServerSessionCacheTimeout 300 ns_param ServerPeerVerify false ns_param ServerPeerVerifyDepth 3 ns_param ServerCADir ca ns_param ServerCAFile ca.pem ns_param ServerTrace false
# For listening and accepting SSL connections via Tcl/C API: ns_param SockServerCertFile certfile.pem ns_param SockServerKeyFile keyfile.pem ns_param SockServerProtocols "SSLv2, SSLv3, TLSv1" ns_param SockServerCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" ns_param SockServerSessionCache true ns_param SockServerSessionCacheID 2 ns_param SockServerSessionCacheSize 512 ns_param SockServerSessionCacheTimeout 300 ns_param SockServerPeerVerify false ns_param SockServerPeerVerifyDepth 3 ns_param SockServerCADir internal_ca ns_param SockServerCAFile internal_ca.pem ns_param SockServerTrace false
Any insight on this would be greatly appreciated.
Thanks,
Scott
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.