SSLSessionCache and MSIE "Page Not Found" problems

Hello list,

I'm having a problem with Apache/mod-ssl that I'm unable to figure out.
An unreasonably high number of users trying to access the site with
Win/MSIE get "Page Not Found" errors. When we look in the logs, what I
see is subsequent SSL connections after the initial session
establishment failing. The user can click their "Back" button, try the
form submit again, and the server will eventually give up, issue the
user a new SSL session, and the user's action will take. Then the next
form submit, the problem starts again. It is usually people behind
firewalls that have the problem, and any one given user will either not
have the problem at all, or tend to have lots of problems with it.

My boss is on me about this, I'm more or less a newbie/dabbler, and my
Linux server admin guy says he's looked into the problem and can't come
up with a reason why or a resolution. But these users can go to other
secure sites and not have the problem.

I need help, and I'm willing to pay to have the problem fixed. Please
advise on where to go from here.

Thanks,

-Derrick Fogle
-Technology Coordinator
-MO Lions Eye Research Foundation
-404 Portland St, Columbia MO 65201
-573-443-1471

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLSessionCache and MSIE "Page Not Found" problems

On Wed, Apr 23, 2003 at 01:08:49PM -0500, Derrick Fogle wrote:
> Hello list,
>
> I'm having a problem with Apache/mod-ssl that I'm unable to figure out.
> An unreasonably high number of users trying to access the site with
> Win/MSIE get "Page Not Found" errors. When we look in the logs, what I
> see is subsequent SSL connections after the initial session
> establishment failing. The user can click their "Back" button, try the
> form submit again, and the server will eventually give up, issue the
> user a new SSL session, and the user's action will take. Then the next
> form submit, the problem starts again. It is usually people behind
> firewalls that have the problem, and any one given user will either not
> have the problem at all, or tend to have lots of problems with it.
>
Using which type of SSLSessionCache?

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLSessionCache and MSIE "Page Not Found" problems

On Wednesday, April 23, 2003, at 01:33 PM, Mads Toftum wrote:

> Using which type of SSLSessionCache?

SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache

-Derrick

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLSessionCache and MSIE "Page Not Found" problems

Sounds like a point at which you now need to make contact with those
firewall guru's and network folks at the other ends where users are having
troubles to see if you can lock it down to a particular firewall product
or setup that is causing these troubles. The pix, doing NAT/PAT seems to
do some funky things we've had to learn to work around, though, I've also
seen other firewals, still doing NAT/PAT translations do similiar things
now and then. Course, hopefully those you do make contact with are indeed
guru's, working for a sta government, wee;ve found that few are, most tend
to know enough to put it in, turn it on and let it run. Have you
documented whether or not the troubled sites coming at you are doing more
then mere firewalling, like NAT/PAT translations and or proxying?

Thanks,

Ron DuFresne


On Wed, 23 Apr 2003, Derrick Fogle wrote:

> Hello list,
>
> I'm having a problem with Apache/mod-ssl that I'm unable to figure out.
> An unreasonably high number of users trying to access the site with
> Win/MSIE get "Page Not Found" errors. When we look in the logs, what I
> see is subsequent SSL connections after the initial session
> establishment failing. The user can click their "Back" button, try the
> form submit again, and the server will eventually give up, issue the
> user a new SSL session, and the user's action will take. Then the next
> form submit, the problem starts again. It is usually people behind
> firewalls that have the problem, and any one given user will either not
> have the problem at all, or tend to have lots of problems with it.
>
> My boss is on me about this, I'm more or less a newbie/dabbler, and my
> Linux server admin guy says he's looked into the problem and can't come
> up with a reason why or a resolution. But these users can go to other
> secure sites and not have the problem.
>
> I need help, and I'm willing to pay to have the problem fixed. Please
> advise on where to go from here.
>
> Thanks,
>
> -Derrick Fogle
> -Technology Coordinator
> -MO Lions Eye Research Foundation
> -404 Portland St, Columbia MO 65201
> -573-443-1471
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLSessionCache and MSIE "Page Not Found" problems

On Wed, Apr 23, 2003 at 01:39:38PM -0500, Derrick Fogle wrote:
> On Wednesday, April 23, 2003, at 01:33 PM, Mads Toftum wrote:
>
> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
>
I've seen similar problems a long time ago - I would recommend
installing the MM library and using an shm based session cache.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLSessionCache and MSIE "Page Not Found" problems

On Wednesday, April 23, 2003, at 01:46 PM, Mads Toftum wrote:

> On Wed, Apr 23, 2003 at 01:39:38PM -0500, Derrick Fogle wrote:
>> On Wednesday, April 23, 2003, at 01:33 PM, Mads Toftum wrote:
>>
>> SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
>>
> I've seen similar problems a long time ago - I would recommend
> installing the MM library and using an shm based session cache.

Thanks for the suggestions everyone. I think I've got enough to chew on
for now.

-Derrick

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org