We have a server under the following config:
Linux 2.2.14 SMP
Apache/1.3.14 (Unix) tomcat/1.0 PHP/4.0.3pl1 mod_ssl/2.7.1 OpenSSL/0.9.6
Under heavy loads, after a period of less than 24 hours, the machine starts
to have massive amounts of SSL errors. Usually, they repeat something
similar to these three groups:
[Mon Dec 18 20:32:59 2000] [error] mod_ssl: SSL handshake failed (server
webmail1.asu.edu:443, client x.x.x.x) (OpenSSL library error follows)
[Mon Dec 18 20:32:59 2000] [error] OpenSSL: error:1409D08A:SSL
routines:SSL3_SETUP_KEY_BLOCK:cipher or hash unavailable
--
[Mon Dec 18 21:34:38 2000] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Mon Dec 18 21:34:38 2000] [error] System: Connection reset by peer (errno:
104)
--
[Tue Dec 19 07:22:43 2000] [error] mod_ssl: SSL error on reading data
(OpenSSL library error follows)
[Tue Dec 19 07:22:43 2000] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]
Then the clients get various problems connecting to the server. One of the
things that seems to be happening, is they keep resubmitting the same form
over and over up to as many as 100 times (the browser retrying the SSL
connection?). So, needless to say, it has caused some problems, and it is
quite troublesome having to tend to the server and restart it whenever these
problems occur. Has anyone noticed this behavior? Is this a general
indication of the stability of mod_ssl? We're about ready to switch to
Apache-SSL, since it claims to be more focused on stability rather than
features. Any suggestions anyone?
Thanks!
______________
Al Wold - Web and Messaging Applications & Consulting - Arizona State
University
[EMAIL PROTECTED] - 480.965.3763
*email-p*
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
