Based on some reports I've read on the Apache list I am going to try testing with keepalive turned off and then only using SSLv2. Unfortunately due to some time constraints I probably won't be able to report my results today.
Thanks for all the help so far! Alex -----Original Message----- From: AOLserver Discussion [mailto:[EMAIL PROTECTED] On Behalf Of Scott Goodwin Sent: Friday, January 26, 2007 9:14 AM To: [email protected] Subject: Re: [AOLSERVER] SSL read error: bad write retry Thanks for the update. It sounds like a compatibility problem with MSIE or maybe something completely internal to MSIE, but we may still be able to do something about it. Can you provide a list of the specific browser versions affected? The user-agent strings should suffice, but it would help if you could identify whether the browsers are export-crippled to 40-bit, 56-bit or are regular 128-bit capable, that would also help in reproducing and testing potential fixes. /s. On Jan 26, 2007, at 11:34 AM, Alex Kroman wrote: > I can't seem to come up with a good test case that triggers this > behavior > > - I have never seen this occur in Firefox (my main browser). > - Using wget in an infinite loop with varying page sizes and varying > loads does not seem to trigger it. > - Just a few minutes ago I was clicking around with Internet Explorer > and reproduced the behavior. > - The pages that trigger this behavior seem to be completely random. > > This site is an Intranet for a 100 person company. I sent out a > survey to the heaviest users of the system and 100% of the Internet > Explorer users have encountered this behavior within the past week and > none of the Apple users have. > > Alex > > -----Original Message----- > From: AOLserver Discussion [mailto:[EMAIL PROTECTED] On > Behalf Of Steve Manning > Sent: Friday, January 26, 2007 12:56 AM > To: [email protected] > Subject: Re: [AOLSERVER] SSL read error: bad write retry > > Alex > > We see this problem as well and I think its related to the system > load. > Our peak load is in October when we are averaging over 500,000 pages > per day and we have had reports of blank pages being returned during > this time. > > I spoke to Dossy about it in Sept last year as I know hes been doing > some work on tidying it up but its not yet been committed. See below. > > Steve > > > On 2006.09.20, Steve Manning <[EMAIL PROTECTED]> wrote: >> Could you give us an update on the current state of nsopenssl. >> >> I'm currently using v3_0beta26 but I'm seeing increasing numbers of >> "SSL read error: ssl handshake failure" and "SSL write error: bad >> write retry" errors in the log as the site gets more busy (currently >> about 1.4m requests/day). I see there has been some activity in CVS - >> v3_0beta27 and Head and I'm wondering if these changes are worth >> having and if there anything else in the pipeline. > > I'm sitting on a whole chunk of changes ... and some of that > logging needs to be rationalized ... either demoted to "Debug" > level, or removed entirely. > > At this point in time, are there any serious remaining bugs > with > nsopenssl? I'd like to finally declare "nsopenssl 3.0" > final ... > probably just call it "nsopenssl 3.1" to avoid all the > confusion > with the MANY 3.0-beta-something versions. > > Lets put together a TODO list for nsopenssl_v3_r1, divide up > the > work (or, assign it all to me, doesn't matter) and I'll try to > put an estimate on it. > > So: what are you (plural -- all of you) still waiting for to > be > done in nsopenssl? > > -- Dossy > > > > > On Thu, 2007-01-25 at 20:12 -0600, Alex Kroman wrote: >> Our production server is getting 57,000 pageviews per day but I am >> able to replicate this behavior on a development server that I am the >> only user on. >> >> Linux intra 2.6.8-3-686-smp #1 SMP Thu Feb 9 07:05:39 UTC 2006 i686 >> GNU/Linux OpenSSL 0.9.7e >> >> >> -----Original Message----- >> From: AOLserver Discussion [mailto:[EMAIL PROTECTED] On >> Behalf Of Scott Goodwin >> Sent: Thursday, January 25, 2007 5:37 PM >> To: [email protected] >> Subject: Re: [AOLSERVER] SSL read error: bad write retry >> >> How many connections a day does your server get, and can you give me >> an estimate of the rate of connection activity when the form >> submission fails? Also, send me the output of 'uname -a' and the >> version of OpenSSL you're using. >> >> thanks, >> >> /s. >> >> On Jan 25, 2007, at 5:52 PM, Alex Kroman wrote: >> >>> Hi all, >>> >>> Every day about 1% of connections to my website result in the >>> following >>> error: >>> >>> Error: nsopenssl: SSL write error: bad write retry >>> >>> I can reproduce the error by repeatedly submiting a form. >>> Eventually one >>> of those submits will fail and give the generic Internet Explorer >>> connection error and append the "bad write retry" message to the > log. >>> >>> Has anyone run into this problem? >>> >>> I am using the stock Debian versions of AOLServer 4.0.10 and >>> nsopenssl >> >>> 3.0beta22. >>> >>> Here are some settings from my configuration file: >>> >>> ns_param maxinput [expr 1024 * 1024 * 100] >>> ns_param recvwait [expr 20 * 60] >>> ns_param socktimeout 240 >>> >>> Thanks, >>> Alex >>> >>> >>> -- >>> AOLserver - http://www.aolserver.com/ >>> >>> To Remove yourself from this list, simply send an email to >>> <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in >>> the email message. You can leave the >>> Subject: field of your email blank. >> >> >> -- >> AOLserver - http://www.aolserver.com/ >> >> To Remove yourself from this list, simply send an email to >> <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in >> the email message. You can leave the Subject: field of your email > blank. >> >> >> -- >> AOLserver - http://www.aolserver.com/ >> >> To Remove yourself from this list, simply send an email to >> <[EMAIL PROTECTED]> with the > -- > Steve Manning > Systems Engineer > Du Maurier Ltd > Tel: +44 (0)116 284 9661 > Fax: +44 (0)116 284 9145 > Email: [EMAIL PROTECTED] > ---------------------------------------------------------------------- > -- > --- > Any views expressed in this email and any attachments are the senders > own and do not represent the views of Du Maurier Limited. This email > and any attachments should only be read by those persons to whom it is > addressed. > Accordingly, we disclaim all responsibility and accept no liability > (including negligence) for the consequences of any person other than > the intended recipients acting , or refraining from acting, on such > information. > If you have received this email in error, please accept our apologies > and we simply request that you delete the email and any attachments. > Any form of reproduction, dissemination, copying, disclosure, > modification, distribution and/or publication of this email is > strictly prohibited. > > Du Maurier Limited, Tel +44 (0)116 2849661. Fax +44 (0)116 2849145 > ---------------------------------------------------------------------- > -- > ---- > > body of "SIGNOFF AOLSERVER" in the email message. You can leave the > Subject: field of your email blank. > > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in > the email message. You can leave the Subject: field of your email > blank. > > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in > the email message. You can leave the > Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
