We have from time to time the following traces in our Apache logs : [Mon Feb 4 08:17:24 2002] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Mon Feb 4 08:17:24 2002] [error] System: Connection reset by peer (errno: 104)
Can anyone help us finding what can the problem be related to ? Our apache is 1.3.20 mod_ssl 2.8.4 OpenSSL 0.9.6b. Part of our configuration is : <IfModule mod_ssl.c> # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog builtin # Adding that line because of info from mod_ssl mailing list to # make more stable Apache SSL. # To my understanding (and anyone who can correct me if I am wrong, please do), # some versions of Microsoft Internet Explorer (MSIE) have problems with using the # HTTP/1.1 protocol with SSL. What this command does is to turn off keepalive # facility and force HTTP/1.0 responses (rather than HTTP/1.1 responses) when the # browser (User-Agent) is a version of MSIE. If you would like more information on # this, you might try the following page from the mod_ssl FAQ: # # http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49 # <IfModule mod_setenvif.c> #SetEnvIf User-Agent ".*MSIE.*" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [1-4]" nokeepalive \ ssl-unclean-shutdown downgrade-1.0 \ force-response-1.0 SetEnvIf User-Agent "MSIE [5-9]" ssl-unclean-shutdown </IfModule> # # Inter-Process Session Cache: # Configure the SSL Session Cache: First either `none' # or `dbm:/path/to/file' for the mechanism to use and # second the expiring timeout (in seconds). #SSLSessionCache none #SSLSessionCache shm:/opt/apache/logs/ssl_scache(512000) SSLSessionCache dbm:/opt/apache/logs/ssl_scache SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual explusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex file:/opt/apache/logs/ssl_mutex # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. SSLRandomSeed startup builtin SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 SSLEngine on SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # The certificate files are now located under /opt/apache/conf SSLCertificateFile /opt/apache/conf/XXX.crt SSLCertificateKeyFile /opt/apache/conf/XXX.key ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
