Hello all,
I've been looking at an issue now for 3 days, and after
extensively reading the mailing list and docuementation, i
am unable to find a solution for my problem.
Frist, i am running Apache 1.3.28 and mod_ssl 2.8.15/openssl 0.9.7d.
The behavior i see is that during the course of normal SSL traffic
(handshakes, data transfer, closing connection) a client will sometimes
spawn between 100 and 500 TCP connections to Apache that remain
in the "Reading" state and occupy client slots until the Apache Timeout
of 1200 seconds kicks in and removes them.
For a few of the offending IP Addresses, i have used tcpdump/ssldump
to capture the TCP traffic inside of the firewall and on the Apache machine.
What i see, is as follows:
1. Normal TCP Connection
2. Followed by Handshake and Cipher Exchange
3. Application Data Flowing
4. TCP connection closed.
However, in certain cases after application data is exchanged, i will
see a flood of TCP connections that are followed by RST(s). Here is a snippet
from the TCPDUMP/SSLDUMP.
---------------------------------------------------------------
361 14 24.8021 (0.0000) S>CV3.0(21) application_data
---------------------------------------------------------------
---------------------------------------------------------------
361 15 24.9503 (0.1481) C>SV3.0(977) application_data
---------------------------------------------------------------
361 24.9521 (0.0017) C>S TCP RST
New TCP connection #397: REMOTE_HOST(2683) <-> APACHE_HOST(443)
397 0.1080 (0.1080) C>S TCP RST
New TCP connection #398: REMOTE_HOST(2684) <-> APACHE_HOST(443)
398 0.1103 (0.1103) C>S TCP RST
New TCP connection #399: REMOTE_HOST(2685) <-> APACHE_HOST(443)
399 0.1126 (0.1126) C>S TCP RST
New TCP connection #400: REMOTE_HOST(2686) <-> APACHE_HOST(443)
400 0.1147 (0.1147) C>S TCP RST
New TCP connection #401: REMOTE_HOST(2687) <-> APACHE_HOST(443)
401 0.1170 (0.1170) C>S TCP RST
New TCP connection #402: REMOTE_HOST(2688) <-> APACHE_HOST(443)
402 0.1193 (0.1193) C>S TCP RST
New TCP connection #403: REMOTE_HOST(2689) <-> APACHE_HOST(443)
403 0.1214 (0.1214) C>S TCP RST
New TCP connection #404: REMOTE_HOST(2690) <-> APACHE_HOST(443)
404 0.1237 (0.1237) C>S TCP RST
New TCP connection #405: REMOTE_HOST(2691) <-> APACHE_HOST(443)
405 0.1259 (0.1259) C>S TCP RST
New TCP connection #406: REMOTE_HOST(2692) <-> APACHE_HOST(443)
406 0.1279 (0.1279) C>S TCP RST
New TCP connection #407: REMOTE_HOST(2693) <-> APACHE_HOST(443)
407 0.1300 (0.1300) C>S TCP RST
...
<<REPEATS 173 TIMES>>
...
New TCP connection #580: REMOTE_HOST(2883) <-> APACHE_HOST(443)
580 1 0.0673 (0.0673) C>SV3.0(97) Handshake
ClientHello
Version 3.0
Additionally, i turned on SSL Debugging at the Apache layer, and this
is the only real relevant information i obtained:
[26/Oct/2004 07:54:24 07446] [info] Connection to child 17 established (server
VIRTUAL_HOST:443, client REMOTE_IP)
[26/Oct/2004 07:54:24 07446] [info] Seeding PRNG with 1160 bytes of entropy
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Handshake: start
[26/Oct/2004 07:54:24 07446] [trace] OpenSSL: Loop: before/accept initialization
[26/Oct/2004 08:14:26 07446] [debug] OpenSSL: I/O error, 11 bytes expected to read on
BIO#082BE820 [mem: 083D2128]
[26/Oct/2004 08:14:26 07446] [trace] OpenSSL: Exit: error in SSLv2/v3 read client
hello A
[26/Oct/2004 08:14:26 07446] [error] SSL handshake timed out (client REMOTE_UP, server
VIRTUAL_HOST:443)
Notice above that the point at which the SSL hanshake timed out was at the Apache
Timeout of 1200 seconds.
During this period, the request is occupying a client slot in the Reading state.
I would appreciate any help/suggestions, as i am nearly out of idea.
If you reply, please CC [EMAIL PROTECTED] as i am currently
not on the modssl-users mailing list.
thanks,
ted rice
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
