Apache/mod_ssl/IE problem
on 01.11.2004 20:40:18 by d.j.potts
Hello,
We have a problem with apache with the following symptoms
- the number of apache processes hits MaxClients
- the CPU on the box isn't doing much when we hit the max number of apache
processes
- sometimes apache recovers after about 5 minutes and we reduce to a more
typical number of processes
- other times apache has totally locked up and required a restart
We see no pattern as to when this is occurring. It has occurred during quiet
periods and during periods of heavy load.
We have upped the MaxClients to 256, but we hit that level too.
All our users connect over SSL.
We have seen the following articles on the Microsoft site that make us think
that this could be because of a broken version of IE in our user community. However,
we don't know from the articles the exact combination of OS and IE that would
cause the problems and therefore haven't been able to recreate in a test
environment.
http://support.microsoft.com/default.aspx?kbid=305217
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
We also get the following error in the SSL error log:
[Tue Oct 26 06:43:04 2004] [error] mod_ssl: SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[Tue Oct 26 06:43:04 2004] [error] System: Connection timed out (errno: 145)
We see this quite a lot during normal operation. However, during the periods
where we hit the MaxClient processes, we see the number of these errors increase
by an order of magnitude.
Has anyone else seen similar problems and if so, what was their solution? If
this is the problem described on the MS site, what version of Windows and IE do
we need to recreate? Are there any server side only solutions?
We are running on Solaris with apache 1.2.26 and mod_ssl 2.8.10 using a Sun
Crypto 1 SSL accelerator card.
Any help greatly appreciated.
Cheers,
Dave.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
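Added example, not part of the original posts: a small Python check that counts the "SSL handshake interrupted by system" error quoted above per time window and flags windows that reach ten times the median, the order-of-magnitude jump described in the post. The 5-minute window, the factor of 10, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Timestamp and level layout as in the error-log lines quoted in the post.
LINE_RE = re.compile(r"^\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[error\] (.*)$")
MARKER = "mod_ssl: SSL handshake interrupted by system"

def handshake_aborts_per_window(lines, window_minutes=5):
    """Count interrupted-handshake errors per time window (assumed 5 minutes)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m.group(2).startswith(MARKER):
            continue  # other errors, e.g. the "System: Connection timed out" follow-up
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        counts[start] += 1
    return counts

def spike_windows(counts, factor=10):
    """Windows with at least `factor` times the median count (assumed threshold).
    The median is taken over windows that logged at least one such error."""
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(w for w, n in counts.items() if n >= factor * baseline)

def constructed_log():
    """Constructed sample: 2 aborts per window, except 25 in the 06:20 window."""
    def abort(minute, second):
        return (f"[Tue Oct 26 06:{minute:02d}:{second:02d} 2004] [error] {MARKER} "
                "[Hint: Stop button pressed in browser?!] (System error follows)")
    lines = [abort(m, s) for m in (0, 5, 10, 15, 25) for s in (1, 30)]
    lines += [abort(20 + i % 5, i) for i in range(25)]
    lines.append("[Tue Oct 26 06:20:04 2004] [error] System: Connection timed out (errno: 145)")
    return lines

if __name__ == "__main__":
    counts = handshake_aborts_per_window(constructed_log())
    for window in spike_windows(counts):
        print(window, counts[window])
```

Run against the real SSL error log, the flagged windows can be compared with the times the server reached MaxClients.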
Re: Apache/mod_ssl/IE problem
on 03.11.2004 11:38:06 by Matt Stevenson
I've also seen this problem. Haven't had the time to
find a "proper" solution. However I lowered the server
timeout to around 15 seconds, not ideal but keeps the
site going.
Hopefully someone has a better solution.
Regards
Matt
--- d.j.potts@bcs.org.uk wrote:
> Hello,
>
> We have a problem with apache with the following
> symptoms
>
> - the number of apache processes hits MaxClients
> - the CPU on the box isn't doing much when we hit
> the max number of apache
> processes
> - sometimes apache recovers after about 5 minutes
> and we reduce to a more
> typical number of processes
> - other times apache has totally locked up and
> required a restart
>
> We see no pattern as to when this is occurring. It
> has occurred during quiet
> periods and during periods of heavy load.
>
> We have upped the MaxClients to 256, but we hit that
> level too.
>
> All our users connect over SSL.
>
> We have seen the following articles on the Microsoft
> site that make us think
> that this could be because of a broken version of IE in
> our user community. However,
> we don't know from the articles the exact
> combination of OS and IE that would
> cause the problems and therefore haven't been able
> to recreate in a test
> environment.
>
> http://support.microsoft.com/default.aspx?kbid=305217
> http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
>
>
> We also get the following error in the SSL error
> log:
>
> [Tue Oct 26 06:43:04 2004] [error] mod_ssl: SSL
> handshake interrupted by system
> [Hint: Stop button pressed in browser?!] (System
> error follows)
> [Tue Oct 26 06:43:04 2004] [error] System:
> Connection timed out (errno: 145)
>
> We see this quite a lot during normal operation.
> However, during the periods
> where we hit the MaxClient processes, we see the
> number of these errors increase
> by an order of magnitude.
>
> Has anyone else seen similar problems and if so,
> what was their solution? If
> this is the problem described on the MS site, what
> version of Windows and IE do
> we need to recreate? Are there any server side only
> solutions?
>
> We are running on Solaris with apache 1.2.26 and
> mod_ssl 2.8.10 using a Sun
> Crypto 1 SSL accelerator card.
>
> Any help greatly appreciated.
>
> Cheers,
>
> Dave.
>