Hello,

I can see on my Vista x64 the reverse proxy drops SSL connections with our
web stress tester:

http://www.fastream.com/WebStressTester.zip

but not sure why. With plain HTTP, it works with no dropping. Could you guys
repeat the same tests there against your ICS SSL servers? For some reason,
with my BCB2007 and ICSv6, I am unable to compile the ICS HTTPS Web Server
pas. Complains about session cache base class...

Regards,

SZ

On Fri, Mar 13, 2009 at 9:16 AM, Fastream Technologies
<ga...@fastream.com>wrote:

> Hello Arno,
> The customer still complains with 0.9.8i! Due to PCI-compliance, they must
> disable SSLv2 and that part works. The strange things are,
>
> - only https port stalls
> - no fatal issue--service could shut down gracefully
> - 3 drops in 24 hours
>
> HTH,
>
> SZ
>   On Thu, Mar 12, 2009 at 7:56 PM, Arno Garrels <arno.garr...@gmx.de>wrote:
>
>> Fastream Technologies wrote:
>> > Hello,
>> >
>> > Seems that the connections are rejected. I am using TSslContext
>> > options to set ssl version and the customer disabled SSLv2. He says
>> > IE and FF on Win. gave general SSL errors yet Opera on Blackberry
>> > complained about TLSv1 but unfortunately he could not recall the
>> > exact message.
>>
>> Provided SSLv2 is correctly disabled in your code (we discussed this
>> topic multiple times in the ICS-SSL list, AFAIR), I would search the
>> newer OpenSSL change logs first since this _might be a known or fixed
>> SSL handshake issue in OpenSSL (rather unlikely, though).
>> The worst case with session caching _should be no successful hits on
>> lookups, which indeed was slower than no session caching.
>>
>> --
>> Arno Garrels
>>
>> >
>> > Regards,
>> >
>> > Gorkem Ates
>> >
>> > On Thu, Mar 12, 2009 at 6:25 PM, Arno Garrels <arno.garr...@gmx.de>
>> > wrote:
>> >
>> >> Fastream Technologies wrote:
>> >>> Hello,
>> >>>
>> >>> Our customer complains that when they run it for some time, only the
>> >>> ssl ports get stuck and reset connections.
>> >>
>> >> Does that mean established connections are dropped?
>> >> Or are connection attempts rejected?
>> >>
>> >>> Arno, could there be a
>> >>> problem with the avl tree caching class you provided
>> >>
>> >> Nothing is impossible ;-) Years ago I tested this class
>> >> successfully in a MT server, however that does of course not
>> >> guarantee it's bug-free. If you think it is making the trouble
>> >> you could switch to OpenSSL's own session caching.
>> >> However, if I were you I would try to reproduce the issue in
>> >> order to find out what actually goes wrong.
>> >>
>> >>> --have you
>> >>> recently fixed any issues?
>> >>
>> >> No, just one or two minor Unicode changes last year.
>> >>
>> >> --
>> >> Arno Garrels
>>
>
-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to