http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19242

Problem Reverse Proxying HTTPS site

           Summary: Problem Reverse Proxying HTTPS site
           Product: Apache httpd-2.0
           Version: 2.0.45
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: mod_proxy
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

We are currently having an issue where we are reverse proxying an HTTPS site using Apache. Every second request to the site (via the rev proxy) fails with a 500 Internal Server Error.

I have done various debugging such as snoops, trusses and debug apache logging. What seems to happen is the first (successful) request works as expected, however when the second request is sent, the SSL session between the client and proxy is set up okay, but the SSL connection between the proxy and backend server has problems. Basically it (the proxy) sets up the TCP session okay, sends an SSL Client Hello, but then almost straight away sends a FIN.

I then looked at the apache error log, with full debugging enabled to see why the proxy would send a client hello, and then straight away send a FIN. It seems that there is an issue with an SSL BIO being logged. It says that 0/7 bytes are being read from the BIO whenever the connection is failing. However, when there is a successful connection it reads 7/7 bytes at this same part of the conversation.

I have also done a truss of a successful vs unsuccessful connection. When successful, the httpd process is doing a read, getting an "Err#11 Eagain" error, doing a poll, redoing the read, but this time without error. However on an unsuccessful connection, the httpd process does the same initial read, gets the same "Err#11 Eagain" error, but does not do the poll or reread.
I have verified this exact same behaviour on the following:

    Solaris 2.6 with Apache 2.0.44 OpenSSL 0.9.7
    Solaris 8 with Apache 2.0.44 OpenSSL 0.9.7 (32bit)
    Solaris 8 with Apache 2.0.45 OpenSSL 0.9.7a (32bit)
    Solaris 8 with Apache 2.0.45 OpenSSL 0.9.7a (64bit)

I have also tried on both a SunBlade 100 and E450 platform, each with identical results. I have tried both prefork and worker mpms with identical results.

I have found that the only workaround (which is very ugly) is to set the MaxRequestsPerChild to 1. I have also played with virtually every setting I can think of, particularly the SSLMutex and AcceptMutex settings. Nothing other than the above workaround seems to affect this problem.

Any ideas would be greatly appreciated?
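
An added illustration, not part of the original report and not Apache or OpenSSL code, of the two system-call patterns compared in the truss output above: a non-blocking read that hits EAGAIN and is retried after poll(), and one that stops at the first EAGAIN. The pipe, the delayed 7-byte write and the names read_record and demo are constructed for the example; it shows the pattern only and does not diagnose the reported bug.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read `want` bytes from a non-blocking fd.
 * retry != 0: on EAGAIN, poll() until readable, then read again.
 * retry == 0: stop at the first EAGAIN, returning what was read so far.
 * Returns the number of bytes read, or -1 on a hard error. */
ssize_t read_record(int fd, unsigned char *buf, size_t want, int retry, int timeout_ms)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == 0) break;                        /* peer closed the connection */
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;
        if (!retry) break;                        /* caller sees a short read, e.g. 0/7 */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, timeout_ms);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) break;                        /* timeout or poll failure */
    }
    return (ssize_t)got;
}

/* Constructed scenario: a child writes 7 bytes after 100 ms, so the
 * parent's first read() on the empty pipe fails with EAGAIN. */
ssize_t demo(int retry)
{
    int fds[2];
    unsigned char buf[7];
    if (pipe(fds) != 0) return -1;
    fcntl(fds[0], F_SETFL, fcntl(fds[0], F_GETFL) | O_NONBLOCK);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                               /* child: the delayed peer */
        poll(NULL, 0, 100);
        _exit(write(fds[1], "1234567", 7) == 7 ? 0 : 1);
    }
    close(fds[1]);
    ssize_t got = read_record(fds[0], buf, sizeof buf, retry, 2000);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void) { printf("%zd/7 %zd/7\n", demo(1), demo(0)); return 0; }
```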
