On Wed, Jan 06, 1999, Nigel Metheringham wrote:
> } What's the reason you assume that Timeout doesn't apply to HTTPS
> } connections?
>
> Crude empirical testing:-
>
> telnet mywww.system 80
> [... do nothing...]
>
> This gets thrown off after Timeout seconds
>
> telnet mywww.system 443
> [... do nothing...]
>
> This one hangs longer than I was willing to wait...
Oh yes, you're right. The Apache "Timeout" is applied to a HTTP request, so
it's initialized the first time when the request is read. But that's too late
in case of HTTPS. So, mod_ssl has to manually perform an own additional
timeout for the SSL handshake phase. I've added this facility for 2.1.6: Now
the "Timeout" directive also applies to the SSL handshake phase. Thanks for
discovering this and reporting the essential point.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
