On 10/01/2015 06:59 PM, Graham Leggett wrote:
> On 01 Oct 2015, at 5:43 PM, [email protected] wrote:
>
>> URL: http://svn.apache.org/viewvc?rev=1706275&view=rev
>> Log:
>> mod_ssl: follow up to r1705823.
>> We still need to flush in the middle of a SSL/TLS handshake.
>
> Can you confirm why the flushing is necessary?
>
> In theory mod_ssl should be switching the sense of any reads/writes as
> necessary without any need for flushing.
>
The issue is that openssl during the connect handshake to a client does not tell httpd to flush. Hence the CLIENT_HELLO remains in the core output filter buffer and openssl waits for the SERVER_HELLO from the remote server which of course does not happen without the CLIENT_HELLO having been sent there.

The whole game of reading and writing during the handshake happens inside openssl while SSL_connect is running. Apache code only gets back into this via bio_filter_out_write and bio_filter_in_read.

Regards

Rüdiger
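
The stall described in this message can be reproduced in a small model. This is an added example, not mod_ssl or OpenSSL code: `struct conn`, `filter_flush`, `model_out_write`, `model_in_read` and `model_connect` are hypothetical names, and flushing from the read callback is this model's assumption about where the flush goes.

```c
/* Simplified model (added example, not mod_ssl or OpenSSL code). */
#include <stdio.h>
#include <string.h>

struct conn {
    char outbuf[64];    /* models the core output filter's buffer */
    size_t buffered;    /* bytes written by the TLS library, not yet on the wire */
    int peer_got_hello; /* remote server has received CLIENT_HELLO */
    int flush_on_read;  /* policy under test: flush pending output before reading */
};

/* Models pushing the buffered bytes to the network. */
static void filter_flush(struct conn *c) {
    if (c->buffered >= 12 && memcmp(c->outbuf, "CLIENT_HELLO", 12) == 0)
        c->peer_got_hello = 1;
    c->buffered = 0;
}

/* Write callback: the message is only buffered, never sent by itself. */
static int model_out_write(struct conn *c, const char *msg) {
    size_t n = strlen(msg);
    if (n > sizeof(c->outbuf)) return -1;
    memcpy(c->outbuf, msg, n);
    c->buffered = n;
    return (int)n;
}

/* Read callback: 1 if the peer's reply is available, 0 if the read would wait forever. */
static int model_in_read(struct conn *c, char *buf, size_t len) {
    if (c->flush_on_read) filter_flush(c);
    if (!c->peer_got_hello) return 0; /* peer never saw CLIENT_HELLO, so no reply */
    snprintf(buf, len, "SERVER_HELLO");
    return 1;
}

/* Models the write-then-read step inside the connect handshake.
 * Returns 1 when the handshake can proceed, 0 when it stalls. */
int model_connect(int flush_on_read) {
    struct conn c = {0};
    char reply[32];
    c.flush_on_read = flush_on_read;
    if (model_out_write(&c, "CLIENT_HELLO") < 0) return 0;
    return model_in_read(&c, reply, sizeof reply);
}

int main(void) {
    printf("no flush:   %s\n", model_connect(0) ? "handshake proceeds" : "stalled");
    printf("with flush: %s\n", model_connect(1) ? "handshake proceeds" : "stalled");
    return 0;
}
```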
