You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Muhammad Hernawan <mw...@yahoo.com.INVALID> on 2018/10/21 07:25:28 UTC
[users@httpd] Failed to acquire SSL session cache lock
This problem occurs after 1-3 days of apache start. After restarting apache, the error / warning does not occur again, but after some time or several days, the error occurs again. Until now I did not know what the cause of the error are.
Here is the error log, I got ssl:warn on my error log:
Invalid argument: AH02026: Failed to acquire SSL session cache lock
Invalid argument: AH02027: Failed to release SSL session cache lock
Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling lock
Invalid argument: AH01949: Failed to release OCSP ssl-stapling lock
Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling-refresh lock
Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling lock
Invalid argument: AH01949: Failed to release OCSP ssl-stapling lock
I use Apache/2.4.29 (Ubuntu 18.04). I use http2 and ssl-stapling.
Re: [users@httpd] Re: Failed to acquire SSL session cache lock
Posted by Muhammad Hernawan <mw...@yahoo.com.INVALID>.
sorry for 4 times thread. this happened caused by dot invalid in the end of my email address so i think the previous thread rejected, so i create new thread again and again.
Sent from Yahoo Mail on Android
On Wed, Oct 24, 2018 at 1:59 AM, @lbutlr<kr...@kreme.com> wrote: On 22 Oct 2018, at 08:02, Muhammad Hernawan <mw...@yahoo.com.INVALID> wrote:
> please create new thread for your issue
Says the person who posted 4 times for one issue…
--
Up the airy mountains, down the rushy glen... From ghosties and bogles
and long-leggity beasties... My mother said I never should... We dare
not go a-hunting for fear... And things that go bump... Play with the
fairies in the wood... --Lords and Ladies
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Failed to acquire SSL session cache lock
Posted by "@lbutlr" <kr...@kreme.com>.
On 22 Oct 2018, at 08:02, Muhammad Hernawan <mw...@yahoo.com.INVALID> wrote:
> please create new thread for your issue
Says the person who posted 4 times for one issue…
--
Up the airy mountains, down the rushy glen... From ghosties and bogles
and long-leggity beasties... My mother said I never should... We dare
not go a-hunting for fear... And things that go bump... Play with the
fairies in the wood... --Lords and Ladies
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Failed to acquire SSL session cache lock
Posted by Muhammad Hernawan <mw...@yahoo.com.INVALID>.
please create new thread for your issue
Pada Senin, 22 Oktober 2018 20.56.05 WIB, Sanjay Kumar Sahu <sa...@gmail.com> menulis:
HI All !
Currently we are facing critical Apache/Kerberos authentication issue in our RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto type=AES256. Previously it's Crypto type=all. Please check following with the details.
We are using mod_auth_kerb on Red Hat Enterprise Linux for our application MediaWiki 1.30.0 running in Apache/2.4
And we never face such issue related to kerberos authentication since we used the keytab with following cipher algorithm in the encryption method.
(des-cbc-crc)
(des-cbc-md5)
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
Later, the DES crypto type is catagoried in weak crypto type and it's denied to use in Produciton for security reason.
And we are asked to use the keytab using Advanced Encryption Standard (AES) Cryptography with either of types (AES128 or AES265) for following cipher algorithm.
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
But, unfortunately neither of the keytab encrypted with AES Crypto (AES128 or AES265) are working under Apache/2.4 and throws following error in HTTPD server Error_log.
Error_log
-----------------
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, No key table entry found for the SPN)
Please let us know if there is any solution to resolve for the issue.
On Sun, Oct 21, 2018 at 12:55 PM Muhammad Hernawan <mw...@yahoo.com.invalid> wrote:
This problem occurs after 1-3 days of apache start. After restarting apache, the error / warning does not occur again, but after some time or several days, the error occurs again. Until now I did not know what the cause of the error are.
Here is the error log, I got ssl:warn on my error log:
Invalid argument: AH02026: Failed to acquire SSL session cache lock
Invalid argument: AH02027: Failed to release SSL session cache lock
Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling lock
Invalid argument: AH01949: Failed to release OCSP ssl-stapling lock
Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling-refresh lock
Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling lock
Invalid argument: AH01949: Failed to release OCSP ssl-stapling lock
I use Apache/2.4.29 (Ubuntu 18.04). I use http2 and ssl-stapling.
--
Thanks & Regards,
Sanjay Kumar Sahu
Re: [users@httpd] Failed to acquire SSL session cache lock
Posted by Sanjay Kumar Sahu <sa...@gmail.com>.
HI All !
Currently we are facing critical Apache/Kerberos authentication issue in
our RHEL7 server running with Apache/2.4 upon changing Keytab with Crypto
type=AES256. Previously it's Crypto type=all. Please check following with
the details.
We are using mod_auth_kerb on Red Hat Enterprise Linux for our application
MediaWiki 1.30.0 running in Apache/2.4
And we never face such issue related to kerberos authentication since we
used the keytab with following cipher algorithm in the encryption method.
(des-cbc-crc)
(des-cbc-md5)
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
Later, the DES crypto type is catagoried in weak crypto type and it's
denied to use in Produciton for security reason.
And we are asked to use the keytab using Advanced Encryption Standard (AES)
Cryptography with either of types (AES128 or AES265) for following cipher
algorithm.
(aes256-cts-hmac-sha1-96)
(aes128-cts-hmac-sha1-96)
But, unfortunately neither of the keytab encrypted with AES Crypto (AES128
or AES265) are working under Apache/2.4 and throws following error in HTTPD
server Error_log.
Error_log
-----------------
gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may
provide more information (, No key table entry found for the SPN)
Please let us know if there is any solution to resolve for the issue.
On Sun, Oct 21, 2018 at 12:55 PM Muhammad Hernawan
<mw...@yahoo.com.invalid> wrote:
> This problem occurs after 1-3 days of apache start. After restarting
> apache, the error / warning does not occur again, but after some time or
> several days, the error occurs again. Until now I did not know what the
> cause of the error are.
>
> Here is the error log, I got ssl:warn on my error log:
>
> Invalid argument: AH02026: Failed to acquire SSL session cache lock
> Invalid argument: AH02027: Failed to release SSL session cache lock
> Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling lock
> Invalid argument: AH01949: Failed to release OCSP ssl-stapling lock
> Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling-refresh lock
> Invalid argument: AH01948: Failed to acquire OCSP ssl-stapling lock
> Invalid argument: AH01949: Failed to release OCSP ssl-stapling lock
>
> I use Apache/2.4.29 (Ubuntu 18.04). I use http2 and ssl-stapling.
>
--
*Thanks & Regards,*
*Sanjay Kumar Sahu*