Hi Steve,
If keepalivetimeout is not set at all in your nsd.tcl, it means you
are using keepalive and it is set to 30 seconds. Can you try adding
the keepalivetimetout parameter and setting it to 0 as I mentioned in
a previous message and see if that solves the problem? I'm pretty
sure Andrew found the correct information -- that MSIE has difficulty
with keepalive conns over SSL, particularly since no one has been
able to replicate the problem with other browsers or load testers.
Note that turning off keepalive will turn it off for non-SSL conns as
well, so if you try it, do be careful.
/s.
On Jan 26, 2007, at 2:44 PM, Steve Manning wrote:
Hi Scott
Long time no hear.
The site is http://www.fancydress.com running on Linux - Centos 4.4
(RHEL4 derived). We run AOLserver 4.0.10 with OpenACS 5.0.4 over the
top.
OpenSSL is 0.9.7a-43-14 from the supplied RPM and were using the
nsopenssl tagged as v3.0beta26 from cvs.
From the config we have:
ns_section ns/server/${server}/module/nsopenssl/sslcontext/
users
ns_param Role server
.
.
.
.
# for Protocols "ALL" = "SSLv2, SSLv3, TLSv1"
ns_param Protocols "SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:
+MEDIUM:
+LOW:+SSLv2:+EXP"
ns_param PeerVerify false
ns_param PeerVerifyDepth 3
ns_param Trace false
ns_param SessionCache true
ns_param SessionCacheID 1
ns_param SessionCacheSize 512
ns_param SessionCacheTimeout 300
keepalivetimeout is not set.
Just from this evenings log I can see e.g.
[26/Jan/2007:18:52:34][25120.3050740656][-conn:fancydress::14]
Error: nsopenssl (fancydress): SSL read error: bad write retry
[26/Jan/2007:19:02:28][25120.3023371184][-conn:fancydress::40]
Error: nsopenssl (fancydress): SSL read error: ssl handshake
failure
Let me know if you need anything else.
Steve
On Fri, 2007-01-26 at 12:55 -0500, Scott Goodwin wrote:
Steve, what version of OpenSSL are you running on the site that
you're experiencing this problem on?
/s.
On Jan 26, 2007, at 3:55 AM, Steve Manning wrote:
Alex
We see this problem as well and I think its related to the system
load.
Our peak load is in October when we are averaging over 500,000
pages per
day and we have had reports of blank pages being returned during
this
time.
I spoke to Dossy about it in Sept last year as I know hes been doing
some work on tidying it up but its not yet been committed. See
below.
Steve
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<[EMAIL PROTECTED]> with the
--
Steve Manning - Mandrake Linux 10.1 - Gnome 2.6
East Goscote - Leicester - UK +44 (0)116 260 5457
E-Mail: [EMAIL PROTECTED] - Web: www.festinalente.co.uk
AIM: verbomania - Public Key: 25665CAF from wwwkeys.pgp.net
-----------------------------------------------------------
There are only 10 types of people in this world
Those who understand binary and those who don't
-----------------------------------------------------------
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<[EMAIL PROTECTED]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the
Subject: field of your email blank.
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]>
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.
