You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Matthew Fletcher <MF...@serck-controls.co.uk> on 2011/04/21 12:35:51 UTC
[users@httpd] SSL (https) slowness
Hi,
I've come to this list from the subversion list due to slow initial connections over https.
There is a 15 second ish delay whenever a client connects using https, i've tracked this down in the logs to the snippet shown.
-- snip --
[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
-- end --
But i really dont know how to get any further. This machine is pretty powerful, quad 3ghz xeon etc.
Full log from startup bellow,.. any help / ideas much appreciated.
[Thu Apr 21 11:21:16 2011] [info] Init: Initializing (virtual) servers for SSL
[Thu Apr 21 11:21:16 2011] [info] Configuring server for SSL protocol
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv3, TLSv1)
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(661): Configuring permitted SSL ciphers [ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM]
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(792): Configuring RSA server certificate
[Thu Apr 21 11:21:16 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(831): Configuring RSA server private key
[Thu Apr 21 11:21:16 2011] [info] mod_ssl/2.2.17 compiled against Server: Apache/2.2.17, Library: OpenSSL/0.9.8r
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Child process is running
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(408): Child 3268: Retrieved our scoreboard from the parent.
[Thu Apr 21 11:21:16 2011] [info] Parent: Duplicating socket 276 and sending it to child process 3268
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(605): Parent: Sent 1 listeners to child 3268
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(564): Child 3268: retrieved 1 listeners from parent
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Acquired the start mutex.
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Starting 64 worker threads.
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Listening on port 443.
[Thu Apr 21 11:21:49 2011] [info] [client 127.0.0.1] Connection to child 0 established (server pl161.serck-uk.internal:443)
[Thu Apr 21 11:21:49 2011] [info] Seeding PRNG with 144 bytes of entropy
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 11/11 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16 03 01 00 df 01 00 00-db 03 01 ........... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 217/217 bytes from BIO#c99cd0 [mem: ca14bb] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 4d b0 05 3d 24 b5 92 40-cb c0 c7 84 df 99 b8 2f M..=$..@......./ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 1c 49 78 19 74 74 b3 0d-3f 89 d3 3d 7a 90 7c 50 .Ix.tt..?..=z.|P |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 00 00 5c c0 14 c0 0a 00-39 00 38 00 88 00 87 c0 ..\\.....9.8..... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 0f c0 05 00 35 00 84 c0-12 c0 08 00 16 00 13 c0 ....5........... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: 0d c0 03 00 0a c0 13 c0-09 00 33 00 32 00 9a 00 ..........3.2... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: 99 00 45 00 44 c0 0e c0-04 00 2f 00 96 00 41 00 ..E.D...../...A. |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 07 c0 11 c0 07 c0 0c c0-02 00 05 00 04 00 15 00 ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0070: 12 00 09 00 14 00 11 00-08 00 06 00 03 00 ff 01 ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0080: 00 00 56 00 00 00 0e 00-0c 00 00 09 6c 6f 63 61 ..V.........loca |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0090: 6c 68 6f 73 74 00 0b 00-04 03 00 01 02 00 0a 00 lhost........... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00a0: 34 00 32 00 01 00 02 00-03 00 04 00 05 00 06 00 4.2............. |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00b0: 07 00 08 00 09 00 0a 00-0b 00 0c 00 0d 00 0e 00 ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00c0: 0f 00 10 00 11 00 12 00-13 00 14 00 15 00 16 00 ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00d0: 17 00 18 00 19 00 23 ......# |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1865): | 0217 - <SPACES/NULS>
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1993): [client 127.0.0.1] No matching SSL virtual host for servername localhost found (using default/first virtual host)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client hello A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server hello A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write certificate A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1274): [client 127.0.0.1] handing out temporary 1024 bit DH key
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write key exchange A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server done A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16 03 01 00 86 ..... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 134/134 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 10 00 00 82 00 80 32 33-35 27 87 6b e7 19 8d c6 ......235'.k.... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 4d b5 c5 8d 61 31 b7 e1-16 83 3f 4b d3 e2 5a 6b M...a1....?K..Zk |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 7e 61 84 33 8a a1 35 94-33 e5 3f 88 0f 02 f8 8d ~a.3..5.3.?..... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 04 f7 38 3f 1c cf 90 88-d1 04 eb 70 a3 e6 84 1b ..8?.......p.... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: ed d1 c5 36 ae 0e 73 28-9c 92 37 d6 a8 10 f7 3b ...6..s(..7....; |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: a7 28 d7 29 52 08 3a d3-b6 00 8e 9d 3d 86 db 44 .(.)R.:.....=..D |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 78 8e 86 95 bf 04 fd ec-ce 06 fb 3c 26 c4 84 58 x..........<&..X |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0070: c1 63 7d f9 dd 76 8f 8c-f6 c8 9f ef 7a 10 94 59 .c}..v......z..Y |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0080: 9a 24 19 eb 81 64 .$...d |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client key exchange A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 14 03 01 00 01 ..... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 1/1 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 01 . |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16 03 01 00 30 ....0 |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 48/48 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 7d 80 c9 56 ce 34 44 1f-aa 5a ff 93 ec 07 24 72 }..V.4D..Z....$r |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 5b 20 0d 08 23 9c 8c 60-08 c2 df f9 6d a4 10 1a [ ..#..`....m... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 51 3d d5 ef 16 29 ae fc-fd 65 98 24 c4 a8 1c 78 Q=...)...e.$...x |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read finished A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write session ticket A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write change cipher spec A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write finished A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1870): OpenSSL: Handshake: done
[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: 17 03 01 01 c0 ..... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 448/448 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: a8 e0 7d 20 25 1a 5c 47-54 3e 17 ca a2 75 cb 49 ..} %.\\GT>...u.I |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0010: 22 f5 8f 49 ec e8 62 32-0f 54 de 74 de 11 2a cf "..I..b2.T.t..*. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0020: 16 d9 87 67 d1 fd 13 5c-5b 34 68 e0 0b 79 ca 1a ...g...\\[4h..y.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0030: 9d 03 fb 5e 60 32 97 86-14 05 76 7d d4 7c b3 98 ...^`2....v}.|.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0040: 65 fa ff e6 ab 29 91 3e-0f a9 9e 9a 0c 5f 1a 8e e....).>....._.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0050: 07 32 7c f5 16 ac 98 ef-2e c6 f9 aa a1 4d 27 bc .2|..........M'. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0060: 8b eb 1f f0 2f 35 29 31-dc b0 d9 02 00 d6 33 44 ..../5)1......3D |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: 5c 4d 77 b1 eb b7 b5 83-c4 29 8b f9 a0 19 9e 91 \\Mw......)...... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0080: 77 df 81 3a 72 f6 41 b4-ff f3 05 8e 6e e7 38 c7 w..:r.A.....n.8. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0090: c5 bc 1f 06 57 44 01 f8-00 17 2c eb be 40 fb e6 ....WD....,..@.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00a0: 29 8c a8 5d 36 1b b6 a2-31 38 31 dd 1d fa 44 db )..]6...181...D. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00b0: 82 6e a9 f8 37 36 c8 df-aa 6a 49 6c 32 c3 81 a6 .n..76...jIl2... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00c0: d6 87 ef f6 2c 79 7b c9-40 fb ff 2e ca 0a 29 a8 ....,y{.@.....). |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00d0: 66 b7 9d f1 f0 0c 40 35-c3 0f b8 92 4d 6c ad a5 f.....@5....Ml.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00e0: e2 29 d9 0e 2f 61 2e 88-48 96 32 34 e5 8a 97 c8 .)../a..H.24.... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00f0: f3 83 45 8d e7 03 a5 99-ac 49 85 de 50 81 06 3f ..E......I..P..? |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0100: 50 f1 05 89 a1 e9 81 15-7e 6e 76 be 95 64 ff d7 P.......~nv..d.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0110: a4 9c 0d dc 53 10 20 57-bd e5 fc 49 a6 24 48 19 ....S. W...I.$H. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0120: a8 01 c4 f6 b8 aa cb c2-43 c6 d6 e5 83 36 43 ed ........C....6C. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0130: d0 60 05 1f e1 5c f3 08-2e 87 e0 c0 ac b6 db 0a .`...\\.......... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0140: 23 19 1a 4c ec 0d b5 ce-9f 63 b7 a2 fc 03 35 e5 #..L.....c....5. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0150: 4f 1a 22 79 86 53 28 11-5c 3b f3 4e d8 a7 77 54 O."y.S(.\\;.N..wT |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0160: a6 03 a9 eb 5e 15 43 4a-98 54 12 4c 49 d4 8c 58 ....^.CJ.T.LI..X |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0170: 17 f5 01 34 52 90 02 3d-da c6 11 ca 55 1a fd 3c ...4R..=....U..< |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0180: ec 81 76 e9 f6 b7 af bb-80 ee 72 7f 9e 2f 91 72 ..v.......r../.r |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0190: 69 94 bd 5d 0e d3 8f 95-01 eb d2 79 12 a4 cb 13 i..].......y.... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 01a0: 18 34 6e 1d 38 bd 43 e1-fd 0d b1 5f 9e 64 c5 5b .4n.8.C...._.d.[ |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 01b0: 42 6d ee 99 55 b3 57 6b-ef 53 54 bb 61 57 c9 70 Bm..U.Wk.ST.aW.p |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [info] Initial (No.1) HTTPS request received for child 0 (server pl161.serck-uk.internal:443)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: 17 03 01 00 80 ..... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 128/128 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: ec 8c 88 5a 99 42 6b 91-25 1f 26 94 5b f0 81 94 ...Z.Bk.%.&.[... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0010: 92 7d ac 1a 6f 78 f4 bb-de 19 81 6e 5e 30 80 03 .}..ox.....n^0.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0020: fc 96 92 ef d3 41 f8 6c-b9 d7 6c d5 72 6d 4e bf .....A.l..l.rmN. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0030: 1c d1 ea a8 68 59 4b e6-de 06 21 f9 14 af aa b5 ....hYK...!..... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0040: 03 d2 98 49 3b a0 4f 0d-1f 13 f1 7f dd 9d 8e a7 ...I;.O......... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0050: 62 69 f1 2b b0 4a eb 7a-26 ff 60 6e 29 62 7b 62 bi.+.J.z&.`n)b{b |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0060: 10 fc 84 ec af 9b 0f 55-c9 c5 46 95 ab d0 b0 d8 .......U..F..... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: c4 ff 41 d0 c1 b8 75 9e-8a f2 c3 79 e7 0e 60 6e ..A...u....y..`n |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
regards,
Matthew J Fletcher
**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com Admin: post@serck-controls.co.uk
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.
This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] RE: SSL (https) slowness
Posted by Matthew Fletcher <MF...@serck-controls.co.uk>.
Hi,
Just to let everyone know that the problem turned out to be that SSL applications on Windows (the TortoiseSVN client in our case) lookup www.download.windowsupdate.com to get updates to the certificate revocation list. See http://support.microsoft.com/kb/317541
We operate in an environment with no direct internet access (proxy only) so this request failed and made a 15 second pause on every connection.
regards
Matthew J Fletcher
**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com Admin: post@serck-controls.co.uk
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.
This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] RE: SSL (https) slowness
Posted by Ishita Kapadiya <is...@gmail.com>.
I also faced the same problem and then decided to terminate SSL at
load balancer level and let Apache run only on http. I think mod_ssl
require some code change which may be someone take as project and work
on it.
Hope it helps.
Thanks
On Thu, Apr 21, 2011 at 7:03 AM, Matthew Fletcher
<MF...@serck-controls.co.uk> wrote:
>
> I made a guess that the was a slowness in some part of Openssl, so tried changing the following in my httpd conf
>
> SSLCipherSuite removing +HIGH:+MEDIUM
>
> did not make much diffrence.
>
> p.s my SSLRandomSeed startup and connect are builtin
>
>
> regards
>
> Matthew J Fletcher
>
>
> **********************************************************************
> Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
> A company registered in England Reg. No. 4353634
> Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
> Web: www.serck-controls.com Admin: post@serck-controls.co.uk
> A subsidiary of Schneider Electric.
> **********************************************************************
> This email and files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the above. Any views or opinions presented are those of the author
> and do not necessarily represent those of Serck Controls Ltd.
>
> This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] RE: SSL (https) slowness
Posted by Matthew Fletcher <MF...@serck-controls.co.uk>.
I made a guess that the was a slowness in some part of Openssl, so tried changing the following in my httpd conf
SSLCipherSuite removing +HIGH:+MEDIUM
did not make much diffrence.
p.s my SSLRandomSeed startup and connect are builtin
regards
Matthew J Fletcher
**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com Admin: post@serck-controls.co.uk
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.
This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org