Spurious SSL handshake interrupt
Hi All, I am running apache 2.0.39 with mod_ssl module on solaris 8. connected to tomcat 4.1.12. I am getting lot of " Spurious SSL handshake interrupt" errorsin ssl_error.log file. All my https calls have become drastically slow. Any clues on this error please, it's a production website... [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?][Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?][Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?][Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?][Mon Jan 06 13:09:37 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?] also few other like these [Mon Jan 06 13:10:17 2003] [error] SSL handshake failed (server new.host.name:443, client 12.94.6.64)[Mon Jan 06 13:10:17 2003] [error] SSL Library Error: 336151574 error:14094416:lib(20):func(148):reason(1046) any ideas ?/ thanks -Raj
Re: Spurious SSL handshake interrupt
I receive this log message constantly myself, although it has no apparent impact on performance in my case. The reason for it in our installation is that the load balancer is set to check SSL availability and is frequently requesting data from the SSL server but without a full connection. Hope this is helpful. conrad On Mon, Jan 06, 2003 at 01:15:07PM -0500, Raj Mettai wrote: Hi All, I am running apache 2.0.39 with mod_ssl module on solaris 8. connected to tomcat 4.1.12. I am getting lot of Spurious SSL handshake interrupt errors in ssl_error.log file. All my https calls have become drastically slow. Any clues on this error please, it's a production website... [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?] -- Conrad Heiney [EMAIL PROTECTED] http://fringehead.org -- If the Catholics can no longer transsubstantiate onion dip into the body of Christ, I'd say it is a pretty crappy miracle. --mjd msg15731/pgp0.pgp Description: PGP signature
Re: Spurious SSL handshake interrupt
No idea there, sorry; someone smarter than me must be called in. ;) On Mon, Jan 06, 2003 at 01:44:54PM -0500, Raj Mettai wrote: thanks a lot conradI am also seeing following errors in the logs [Mon Jan 06 13:10:17 2003] [error] SSL handshake failed (server new.host.name:443, client 12.94.6.64) [Mon Jan 06 13:10:17 2003] [error] SSL Library Error: 336151574 error:14094416:lib(20):func(148):reason(1046) are the above errors are also very common or do they mean something... thanks in advance -Raj -- Conrad Heiney [EMAIL PROTECTED] http://fringehead.org -- TorgoX Orthaganal az I wanna bee!| msg15733/pgp0.pgp Description: PGP signature
Re: Spurious SSL handshake interrupt
On Mon, 6 Jan 2003, Raj Mettai wrote: I am running apache 2.0.39 with mod_ssl module on solaris 8. connected to tomcat 4.1.12. I am getting lot of Spurious SSL handshake interrupt errors in ssl_error.log file. All my https calls have become drastically slow. Any clues on this error please, it's a production website... [Mon Jan 06 13:09:36 2003] [error] Spurious SSL handshake interrupt [Hint: Usually just one of those OpenSSL confusions!?] I don't remember for sure because it's been a while, but I want to say that something related to this message was fixed in mod_ssl after 2.0.39 was released. 2.0.44 should be coming out sometime soon... give that one a try when it's released and let me know if you still see the problem. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: spurious SSL handshake interrupt / msie / possible lead!
On Thu, 3 Aug 2000, David Rees wrote: Do you have the lines: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP in your httpd.conf? You can read more about it here: http://www.modssl.org/docs/2.6/ssl_faq.html#ToC48 Yes i have those lines. Regards, Simon Weijgers __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
spurious SSL handshake interrupt / msie / possible lead!
Hi, I'm getting spurious SSL handshake interrupts with MSIE (alot with msie4 (i tried 4.72.3110.4 and 4.72.3612.1713) and sometimes with MSIE 5.00.2614.3500. But this is old news. What I discovered today is that if I disable the sessioncache (SSLSessionCache none) none of the above clients can make ssl connections at all to my server (a spurious SSL handhake interrupt error in the ssl_engine_log for all the requests). Netscape, of course, still works fine. I run apache 1.3.12/mod_ssl-2.6.2 as shipped with Red Hat 6.2. I'm going to upgrade to 2.6.5 and see if that improves anything. Regards, Simon Weijgers __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: spurious SSL handshake interrupt / msie / possible lead!
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simon Weijgers I'm getting spurious SSL handshake interrupts with MSIE (alot with msie4 (i tried 4.72.3110.4 and 4.72.3612.1713) and sometimes with MSIE 5.00.2614.3500. But this is old news. What I discovered today is that if I disable the sessioncache (SSLSessionCache none) none of the above clients can make ssl connections at all to my server (a spurious SSL handhake interrupt error in the ssl_engine_log for all the requests). Netscape, of course, still works fine. I run apache 1.3.12/mod_ssl-2.6.2 as shipped with Red Hat 6.2. I'm going to upgrade to 2.6.5 and see if that improves anything. I'm betting that it won't, but there are other bug fixes included that you'll want anyway. Do you have the lines: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP in your httpd.conf? You can read more about it here: http://www.modssl.org/docs/2.6/ssl_faq.html#ToC48 Upgrading to 2.6.5, but keep in mind that there is a known bug in 2.6.5 which prevents restarts when mod_ssl is compiled statically into Apache. If you need to compile mod_ssl statically into Apache, I have a patch, email me for it. -Dave __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: spurious SSL handshake interrupt / msie / possible lead!
On Thu, Aug 03, 2000 at 09:53:34AM -0700, David Rees wrote: Upgrading to 2.6.5, but keep in mind that there is a known bug in 2.6.5 which prevents restarts when mod_ssl is compiled statically into Apache. If That would be _graceful restart_ - if you're doing a plain restart, then there is no problem. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Spurious SSL handshake interrupt ???
Dear Stefan I had this similar problem. It was solved by having different details for making ca.crt and server.crt Naresh Narang Original Message Follows From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Spurious SSL handshake interrupt ??? Date: Tue, 30 Nov 1999 13:20:59 +0100 MIME-Version: 1.0 From [EMAIL PROTECTED] Tue Nov 30 11:31:18 1999 Received: from [129.132.7.153] by hotmail.com (3.2) with ESMTP id MHotMailBA0D6E9D004BD820F3C68184079993560; Tue Nov 30 11:21:05 1999 Received: by en5.engelschall.com (Sendmail 8.9.2) for modssl-users-Lid QAA04735; Tue, 30 Nov 1999 16:52:58 +0100 (MET) Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for [EMAIL PROTECTED]from mail2.advance-bank.de id QAA04729; Tue, 30 Nov 1999 16:52:55 +0100 (MET) Received: by mail2.advance-bank.de(Lotus SMTP MTA v4.6.4 (830.2 3-23-1999)) id C1256839.004372C5 ; Tue, 30 Nov 1999 13:16:42 +0100 X-Lotus-FromDomain: ADVANCE BANK@INET Message-ID: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Precedence: bulk X-Sender: [EMAIL PROTECTED] X-List-Manager: Majordomo [version 1.94.4] X-List-Name: modssl-users Hi All I have a website running under Solaris 2.6 and Apache/1.3.9 (Unix) mod_ssl/2.4.4 OpenSSL/0.9.4 i have almost no problems except the following entries in the ssl_engine.log: [30/Nov/1999 09:11:48] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:12:28] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:12:56] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:13:23] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:13:24] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:14:57] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:18:42] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:21:47] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] and i have no glue what that means. Additionaly report some customers that they are not able tho connect that site (hbci.advance-bank.de for example) any hints welcome Stefan Majer __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Get Your Private, Free Email at http://www.hotmail.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Spurious SSL handshake interrupt ???
Hi All I have a website running under Solaris 2.6 and Apache/1.3.9 (Unix) mod_ssl/2.4.4 OpenSSL/0.9.4 i have almost no problems except the following entries in the ssl_engine.log: [30/Nov/1999 09:11:48] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:12:28] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:12:56] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:13:23] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:13:24] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:14:57] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:18:42] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] [30/Nov/1999 09:21:47] [info] Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?] and i have no glue what that means. Additionaly report some customers that they are not able tho connect that site (hbci.advance-bank.de for example) any hints welcome Stefan Majer __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
