Hello all,

I've been looking at an issue now for 3 days, and after
extensively reading the mailing list and docuementation, i
am unable to find a solution for my problem.

Frist, i am running Apache 1.3.28 and mod_ssl 2.8.15/openssl 0.9.7d.

The behavior i see is that during the course of normal SSL traffic
(handshakes, data transfer, closing connection) a client will sometimes
spawn between 100 and 500 TCP connections to Apache that remain
in the "Reading" state and occupy client slots until the Apache Timeout
of 1200 seconds kicks in and removes them.

For a few of the offending IP Addresses, i have used tcpdump/ssldump
to capture the TCP traffic inside of the firewall and on the Apache machine.

What i see, is as follows:

1. Normal TCP Connection
2. Followed by Handshake and Cipher Exchange
3. Application Data Flowing
4. TCP connection closed.

However, in certain cases after application data is exchanged, i will
see a flood of TCP connections that are followed by RST(s). Here is a snippet

361 14 24.8021 (0.0000)  S>CV3.0(21)  application_data
361 15 24.9503 (0.1481)  C>SV3.0(977)  application_data
361    24.9521 (0.0017)  C>S  TCP RST
New TCP connection #397: REMOTE_HOST(2683) <-> APACHE_HOST(443)
397    0.1080 (0.1080)  C>S  TCP RST
New TCP connection #398: REMOTE_HOST(2684) <-> APACHE_HOST(443)
398    0.1103 (0.1103)  C>S  TCP RST
New TCP connection #399: REMOTE_HOST(2685) <-> APACHE_HOST(443)
399    0.1126 (0.1126)  C>S  TCP RST
New TCP connection #400: REMOTE_HOST(2686) <-> APACHE_HOST(443)
400    0.1147 (0.1147)  C>S  TCP RST
New TCP connection #401: REMOTE_HOST(2687) <-> APACHE_HOST(443)
401    0.1170 (0.1170)  C>S  TCP RST
New TCP connection #402: REMOTE_HOST(2688) <-> APACHE_HOST(443)
402    0.1193 (0.1193)  C>S  TCP RST
New TCP connection #403: REMOTE_HOST(2689) <-> APACHE_HOST(443)
403    0.1214 (0.1214)  C>S  TCP RST
New TCP connection #404: REMOTE_HOST(2690) <-> APACHE_HOST(443)
404    0.1237 (0.1237)  C>S  TCP RST
New TCP connection #405: REMOTE_HOST(2691) <-> APACHE_HOST(443)
405    0.1259 (0.1259)  C>S  TCP RST
New TCP connection #406: REMOTE_HOST(2692) <-> APACHE_HOST(443)
406    0.1279 (0.1279)  C>S  TCP RST
New TCP connection #407: REMOTE_HOST(2693) <-> APACHE_HOST(443)
407    0.1300 (0.1300)  C>S  TCP RST
New TCP connection #580: REMOTE_HOST(2883) <-> APACHE_HOST(443)
580 1  0.0673 (0.0673)  C>SV3.0(97)  Handshake
        Version 3.0

Additionally, i turned on SSL Debugging at the Apache layer, and this is the only real relevant information i obtained:

[26/Oct/2004 07:54:24 07446] [info]  Connection to child 17 established (server 
[26/Oct/2004 07:54:24 07446] [info]  Seeding PRNG with 1160 bytes of entropy
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Handshake: start
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Loop: before/accept initialization
[26/Oct/2004 08:14:26 07446] [debug] OpenSSL: I/O error, 11 bytes expected to read on 
BIO#082BE820 [mem: 083D2128]
[26/Oct/2004 08:14:26 07446] [trace] OpenSSL: Exit: error in SSLv2/v3 read client 
hello A
[26/Oct/2004 08:14:26 07446] [error] SSL handshake timed out (client REMOTE_UP, server 

Notice above that the point at which the SSL hanshake timed out was at the Apache 
Timeout of 1200 seconds.
During this period, the request is occupying a client slot in the Reading state.

I would appreciate any help/suggestions, as i am nearly out of idea.

If you reply, please CC [EMAIL PROTECTED] as i am currently
not on the modssl-users mailing list.


ted rice

Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to