You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Qingshan Xie <xi...@yahoo.com> on 2006/10/13 19:39:06 UTC
[users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Hi! All,
We have a 2.0.59 HTTPS server on Solaris 8. After
I turned on "KeepAlive On" and monitored it by
mod_status, I did not see any connection in KeepAlive
state. Seems keepalive is not applicable on HTTPS/SSL
server. Can some one tell me if this is true and why?
Thx, Q.Xie
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Posted by Qingshan Xie <xi...@yahoo.com>.
After I commented the following lines in httpd.conf,
the KeepAlive on a HTTPS server was working.
#BrowserMatch "Mozilla/2" nokeepalive
#BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
force-response-1.0
......
#SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
but I am not sure what is the negative impact of this
disabling. If you know it, please let me know.
Many Thanks, Q.Xie
--- Joshua Slive <jo...@slive.ca> wrote:
> On 10/14/06, Qingshan Xie <xi...@yahoo.com> wrote:
> >
> > > KeepAlive (persistent-connections) and SSL can
> work
> > > fine together.
> > > But many configurations (including the default)
> > > include something like
> > > BrowserMatch ".*MSIE.*" \
> > > nokeepalive ssl-unclean-shutdown \
> > > downgrade-1.0 force-response-1.0
> > > which turns them off for the majority of
> browsers.
> >
> > Disabled the above line, but still did not see the
> > keepAlive working in my HTTPS server. Any idea?
>
> It could be that you have keepalive turned off
> elsewhere in your
> config, or it could be that the clients are not
> using http/1.1 or not
> requesting keepalive connections.
>
> Joshua.
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Posted by Joshua Slive <jo...@slive.ca>.
On 10/14/06, Qingshan Xie <xi...@yahoo.com> wrote:
>
> > KeepAlive (persistent-connections) and SSL can work
> > fine together.
> > But many configurations (including the default)
> > include something like
> > BrowserMatch ".*MSIE.*" \
> > nokeepalive ssl-unclean-shutdown \
> > downgrade-1.0 force-response-1.0
> > which turns them off for the majority of browsers.
>
> Disabled the above line, but still did not see the
> keepAlive working in my HTTPS server. Any idea?
It could be that you have keepalive turned off elsewhere in your
config, or it could be that the clients are not using http/1.1 or not
requesting keepalive connections.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Posted by Qingshan Xie <xi...@yahoo.com>.
--- Joshua Slive <jo...@slive.ca> wrote:
> On 10/13/06, Qingshan Xie <xi...@yahoo.com> wrote:
> > Hi! All,
> >
> > We have a 2.0.59 HTTPS server on Solaris 8.
> After
> > I turned on "KeepAlive On" and monitored it by
> > mod_status, I did not see any connection in
> KeepAlive
> > state. Seems keepalive is not applicable on
> HTTPS/SSL
> > server. Can some one tell me if this is true and
> why?
>
> KeepAlive (persistent-connections) and SSL can work
> fine together.
> But many configurations (including the default)
> include something like
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> which turns them off for the majority of browsers.
Disabled the above line, but still did not see the
keepAlive working in my HTTPS server. Any idea?
Thx, Q.Xie
>
> Whether this dumbing-down is really necessary is an
> open question.
> Some people report success without this config.
>
> Joshua.
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Posted by Joshua Slive <jo...@slive.ca>.
On 10/13/06, Qingshan Xie <xi...@yahoo.com> wrote:
> Hi! All,
>
> We have a 2.0.59 HTTPS server on Solaris 8. After
> I turned on "KeepAlive On" and monitored it by
> mod_status, I did not see any connection in KeepAlive
> state. Seems keepalive is not applicable on HTTPS/SSL
> server. Can some one tell me if this is true and why?
KeepAlive (persistent-connections) and SSL can work fine together.
But many configurations (including the default) include something like
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
which turns them off for the majority of browsers.
Whether this dumbing-down is really necessary is an open question.
Some people report success without this config.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Posted by Qingshan Xie <xi...@yahoo.com>.
Serge, Thanks for your quick reply.
I think HTTPS uses the same protocol as HTTP but above
ssl. It's still stateless. I am not sure your
statement, "HTTPS connections are always active untill
client leaves your site". Can you explain more?
Many Thanks, Q.Xie
--- Serge Dubrouski <se...@gmail.com> wrote:
> HTTP is sessionless protocol so it needs KeepAlive
> feature to keep TCP
> connection active. HTTPS connections are always
> active untill client
> leaves your site.
>
> On 10/13/06, Qingshan Xie <xi...@yahoo.com> wrote:
> > Hi! All,
> >
> > We have a 2.0.59 HTTPS server on Solaris 8.
> After
> > I turned on "KeepAlive On" and monitored it by
> > mod_status, I did not see any connection in
> KeepAlive
> > state. Seems keepalive is not applicable on
> HTTPS/SSL
> > server. Can some one tell me if this is true and
> why?
> >
> > Thx, Q.Xie
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam
> protection around
> > http://mail.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > The official User-To-User support forum of the
> Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html>
> for more info.
> > To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> > " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail:
> users-help@httpd.apache.org
> >
> >
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is KeepAlive applicable on HTTPS/SSL server?
Posted by Serge Dubrouski <se...@gmail.com>.
HTTP is sessionless protocol so it needs KeepAlive feature to keep TCP
connection active. HTTPS connections are always active untill client
leaves your site.
On 10/13/06, Qingshan Xie <xi...@yahoo.com> wrote:
> Hi! All,
>
> We have a 2.0.59 HTTPS server on Solaris 8. After
> I turned on "KeepAlive On" and monitored it by
> mod_status, I did not see any connection in KeepAlive
> state. Seems keepalive is not applicable on HTTPS/SSL
> server. Can some one tell me if this is true and why?
>
> Thx, Q.Xie
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org