On Mon, Oct 18, 2010 at 10:26:31AM +0100, Stuart Henderson wrote: > On 2010/10/18 02:09, [email protected] wrote: > > Synopsis: relayd check https - ssl read timeout > > > > State-Changed-From-To: open->closed > > State-Changed-By: pyr > > State-Changed-When: Mon Oct 18 02:08:14 MDT 2010 > > State-Changed-Why: > > This is not a bug, the default timeout is 200ms which is > > a bit short for https sessions, the timeout should be > > set when checking https sessions. > > If this is not a bug then it's an omission from the manual. > So how should we handle it? Something like this? > > Index: relayd.conf.5 > =================================================================== > RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v > retrieving revision 1.114 > diff -u -p -r1.114 relayd.conf.5 > --- relayd.conf.5 1 Aug 2010 22:18:35 -0000 1.114 > +++ relayd.conf.5 18 Oct 2010 08:25:13 -0000 > @@ -268,6 +268,11 @@ HTTP/1.1 200 OK > .Ic code Ar number > .Xc > This has the same effect as above but wraps the HTTP request in SSL. > +The value of > +.Ic timeout > +should be increased above the default if > +.Ic check https > +is used. > .It Xo > .Ic check http Ar path > .Op Ic host Ar hostname > > > As far as I can tell this has to be done globally at present. > The manual talks about a per-table timeout but the only place > it's accepted is in tablespec (e.g. 'forward to <foo> timeout > 500 check https "/" code 200') and this doesn't seem to change > anything. >
That seems like a good idea. .... Ken
