On 1/17/2012 11:25 AM, Steffen wrote:
It is line with our reports. Thanks, and this confirms again there is some
broken serious.
For me a showstopper 2.4, tons of win users going to deal with this.
Work around is to use 2.2.21 SSL-only and minimal config in front of 2.4.
Another possible workaround.
Not to set the AcceptFilter to none for https and reduce the
|MaxConnectionsPerChild so the server respawns new child processes more
often. This should have the same effect (if you can get the number
right) to scheduling a graceful restart every N minutes/hours|. I had
done the latter (scheduling graceful restarts) to keep Apache answering
when the AcceptFilter for both http & https were broken since I would
get the AcceptEx errors and eventually server would not respond.
I second the Thanks to Daniel for taking the time to test this and give
his opinion on the matter.
Regards,
Gregg
Op 17 jan. 2012 om 15:37 heeft Daniel Ruggeri<[email protected]> het
volgende geschreven:
All;
I have submitted PR 52476 to track and document this bug. I've
uploaded the logs from my tests where I was able to duplicate the problem.
http://people.apache.org/~druggeri/logs/WinSSL/
Initially I was just setting up my testbed and hitting 127.0.0.1 to
make sure the small LWP script can duplicate the problem and help track
it down... it was trival to reproduce the bug on this Winsows 7 x64
installation. Since I was able to reproduce quickly, I never got past
testing on local IP's, though this should suffice since it's technically
running through the TCP stack just as well.
I was able to reproduce inconsistently in Firefox 8.0.1 and IE 8
after enabling AcceptFilter https none. I was able to consistently
reproduce the error with openssl-based clients (LWP and openssl
s_client). The common error across all clients is a complaint with the
ClientHello message. I was not able to find a failure where partial
content was served - it was all or nothing for me at an SSL connection
level.
I don't have the expertise to dig into this one, but since several
folks have been unable to reproduce the problem, I'll be happy to serve
as a testing ground.
--
Daniel Ruggeri
