We have some servers that only service cURL/openssl clients and we
never see these SSL errors on those machines, regardless of load.
OTOH, we have other servers that face real people, and they tend to
log openssl errors relatively frequently. Both servers have
identical configurations (aolserver 4.0.10 / openssl 0.9.7e).
At one point, the mod_ssl guys decided there was some issue with
the MSIE ssl stack, but I'm not sure if any of it is still valid.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
-Andrew
On 1/26/07, Alex Kroman <[EMAIL PROTECTED]> wrote:
I can't seem to come up with a good test case that triggers this
behavior
- I have never seen this occur in Firefox (my main browser).
- Using wget in an infinite loop with varying page sizes and varying
loads does not seem to trigger it.
- Just a few minutes ago I was clicking around with Internet Explorer
and reproduced the behavior.
- The pages that trigger this behavior seem to be completely random.
This site is an Intranet for a 100 person company. I sent out a
survey
to the heaviest users of the system and 100% of the Internet Explorer
users have encountered this behavior within the past week and none of
the Apple users have.
Alex
-----Original Message-----
From: AOLserver Discussion [mailto: [EMAIL PROTECTED] On
Behalf
Of Steve Manning
Sent: Friday, January 26, 2007 12:56 AM
To: AOLSERVER@listserv.aol.com
Subject: Re: [AOLSERVER] SSL read error: bad write retry
Alex
We see this problem as well and I think its related to the system
load.
Our peak load is in October when we are averaging over 500,000
pages per
day and we have had reports of blank pages being returned during this
time.
I spoke to Dossy about it in Sept last year as I know hes been doing
some work on tidying it up but its not yet been committed. See below.
Steve
On 2006.09.20, Steve Manning < [EMAIL PROTECTED]> wrote:
>Could you give us an update on the current state of
nsopenssl.
>
>I'm currently using v3_0beta26 but I'm seeing increasing
>numbers of "SSL read error: ssl handshake failure" and "SSL
>write error: bad write retry" errors in the log as the site
>gets more busy (currently about 1.4m requests/day). I see
there
>has been some activity in CVS - v3_0beta27 and Head and I'm
>wondering if these changes are worth having and if there
>anything else in the pipeline.
I'm sitting on a whole chunk of changes ... and some of that
logging needs to be rationalized ... either demoted to "Debug"
level, or removed entirely.
At this point in time, are there any serious remaining bugs
with
nsopenssl? I'd like to finally declare "nsopenssl 3.0"
final ...
probably just call it "nsopenssl 3.1" to avoid all the
confusion
with the MANY 3.0-beta-something versions.
Lets put together a TODO list for nsopenssl_v3_r1, divide
up the
work (or, assign it all to me, doesn't matter) and I'll try to
put an estimate on it.
So: what are you (plural -- all of you) still waiting for
to be
done in nsopenssl?
-- Dossy
On Thu, 2007-01-25 at 20:12 -0600, Alex Kroman wrote:
> Our production server is getting 57,000 pageviews per day but I am
> able to replicate this behavior on a development server that I am
the
> only user on.
>
> Linux intra 2.6.8-3-686-smp #1 SMP Thu Feb 9 07:05:39 UTC 2006 i686
> GNU/Linux OpenSSL 0.9.7e
>
>
> -----Original Message-----
> From: AOLserver Discussion [mailto: [EMAIL PROTECTED] On
> Behalf Of Scott Goodwin
> Sent: Thursday, January 25, 2007 5:37 PM
> To: AOLSERVER@LISTSERV.AOL.COM
> Subject: Re: [AOLSERVER] SSL read error: bad write retry
>
> How many connections a day does your server get, and can you give me
> an estimate of the rate of connection activity when the form
> submission fails? Also, send me the output of 'uname -a' and the
> version of OpenSSL you're using.
>
> thanks,
>
> /s.
>
> On Jan 25, 2007, at 5:52 PM, Alex Kroman wrote:
>
> > Hi all,
> >
> > Every day about 1% of connections to my website result in the
> > following
> > error:
> >
> > Error: nsopenssl: SSL write error: bad write retry
> >
> > I can reproduce the error by repeatedly submiting a form.
> > Eventually one
> > of those submits will fail and give the generic Internet Explorer
> > connection error and append the "bad write retry" message to the
log.
> >
> > Has anyone run into this problem?
> >
> > I am using the stock Debian versions of AOLServer 4.0.10 and
> > nsopenssl
>
> > 3.0beta22.
> >
> > Here are some settings from my configuration file:
> >
> > ns_param maxinput [expr 1024 * 1024 * 100]
> > ns_param recvwait [expr 20 * 60]
> > ns_param socktimeout 240
> >
> > Thanks,
> > Alex
> >
> >
> > --
> > AOLserver - http://www.aolserver.com/
> >
> > To Remove yourself from this list, simply send an email to
> > <[EMAIL PROTECTED]> with the body of "SIGNOFF
AOLSERVER" in
> > the email message. You can leave the
> > Subject: field of your email blank.
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> < [EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in
> the email message. You can leave the Subject: field of your email
blank.
>
>
> --
> AOLserver - http://www.aolserver.com/
>
> To Remove yourself from this list, simply send an email to
> <[EMAIL PROTECTED]> with the
--
Steve Manning
Systems Engineer
Du Maurier Ltd
Tel: +44 (0)116 284 9661
Fax: +44 (0)116 284 9145
Email: [EMAIL PROTECTED]
----------------------------------------------------------------------
--
---
Any views expressed in this email and any attachments are the senders
own and do not represent the views of Du Maurier Limited. This
email and
any attachments should only be read by those persons to whom it is
addressed.
Accordingly, we disclaim all responsibility and accept no liability
(including negligence) for the consequences of any person other
than the
intended recipients acting , or refraining from acting, on such
information.
If you have received this email in error, please accept our apologies
and we simply request that you delete the email and any
attachments. Any
form of reproduction, dissemination, copying, disclosure,
modification,
distribution and/or publication of this email is strictly prohibited.
Du Maurier Limited, Tel +44 (0)116 2849661. Fax +44 (0)116 2849145
----------------------------------------------------------------------
--
----
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in
the
email message. You can leave the Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<[EMAIL PROTECTED] > with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<[EMAIL PROTECTED]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.