Hello Arno, The customer still complains with 0.9.8i! Due to PCI-compliance, they must disable SSLv2 and that part works. The strange things are,
- only https port stalls - no fatal issue--service could shut down gracefully - 3 drops in 24 hours HTH, SZ On Thu, Mar 12, 2009 at 7:56 PM, Arno Garrels <arno.garr...@gmx.de> wrote: > Fastream Technologies wrote: > > Hello, > > > > Seems that the connections are rejected. I am using TSslContext > > options to set ssl version and the customer disabled SSLv2. He says > > IE and FF on Win. gave general SSL errors yet Opera on Blackberry > > complained about TLSv1 but unfortunately he could not recall the > > exact message. > > Provided SSLv2 is correctly disabled in your code (we discussed this > topic multiple times in the ICS-SSL list, AFAIR), I would search the > newer OpenSSL change logs first since this _might be a known or fixed > SSL handshake issue in OpenSSL (rather unlikely, though). > The worst case with session caching _should be no successful hits on > lookups, which indeed was slower than no session caching. > > -- > Arno Garrels > > > > > Regards, > > > > Gorkem Ates > > > > On Thu, Mar 12, 2009 at 6:25 PM, Arno Garrels <arno.garr...@gmx.de> > > wrote: > > > >> Fastream Technologies wrote: > >>> Hello, > >>> > >>> Our customer complains that when they run it for some time, only the > >>> ssl ports get stuck and reset connections. > >> > >> Does that mean established connections are dropped? > >> Or are connection attempts rejected? > >> > >>> Arno, could there be a > >>> problem with the avl tree caching class you provided > >> > >> Nothing is impossible ;-) Years ago I tested this class > >> successfully in a MT server, however that does of course not > >> guarantee it's bug-free. If you think it is making the trouble > >> you could switch to OpenSSL's own session caching. > >> However, if I were you I would try to reproduce the issue in > >> order to find out what actually goes wrong. > >> > >>> --have you > >>> recently fixed any issues? > >> > >> No, just one or two minor Unicode changes last year. > >> > >> -- > >> Arno Garrels > >> > >> -- > >> To unsubscribe or change your settings for TWSocket mailing list > >> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > >> Visit our website at http://www.overbyte.be > >> > > > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
