You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@trafficserver.apache.org by Kimmo Karlsson <ki...@rovio.com> on 2011/11/04 12:23:10 UTC
HTTPS connection timeout with Chrome
Hi All,
I have ATS as a reverse proxy with SSL termination. Otherwise everything works just fine, but when I connect to ATS with Chrome over HTTPS, I get a connection timeout on the first attempt. After clicking "reload" it works. (Plain HTTP also works fine.) I searched the web for Chrome -related HTTPS problems and found out about "SSL false start". I then started Chrome (v15) with "--disable-ssl-false-start" command-line parameter and got no connection timeouts. I got no timeouts on Firefox7 and IE9, either.
Has anybody else had similar problems? Is there some configuration option in ATS that I missed? Are there actually problems with SSL false start -support in ATS or is this something else?
I have compiled ATS-3.0.1 with OpenSSL-1.0.0d, but the system also has an older version of libssl, if that makes any difference.
Thanks,
-- Kimmo
Re: HTTPS connection timeout with Chrome
Posted by sridhar basam <sr...@basam.org>.
On Fri, Nov 4, 2011 at 7:23 AM, Kimmo Karlsson <ki...@rovio.com>wrote:
> Hi All,
>
> I have ATS as a reverse proxy with SSL termination. Otherwise everything
> works just fine, but when I connect to ATS with Chrome over HTTPS, I get a
> connection timeout on the first attempt. After clicking "reload" it works.
> (Plain HTTP also works fine.) I searched the web for Chrome -related HTTPS
> problems and found out about "SSL false start". I then started Chrome (v15)
> with "--disable-ssl-false-start" command-line parameter and got no
> connection timeouts. I got no timeouts on Firefox7 and IE9, either.
>
> Has anybody else had similar problems? Is there some configuration option
> in ATS that I missed? Are there actually problems with SSL false start
> -support in ATS or is this something else?
>
> I have compiled ATS-3.0.1 with OpenSSL-1.0.0d, but the system also has an
> older version of libssl, if that makes any difference.
>
>
There isn't support for false start in openssl as yet. If you want to hand
roll support, check out the link below.
http://technotes.googlecode.com/git-history/3bea6d3d226c878577c0d520784e14f2c8efbe1c/openssl-1.0.0d-falsestart.patch
Sridhar
RE: HTTPS connection timeout with Chrome
Posted by Ben Snowden <bs...@ColdJet.com>.
Probably this bug: https://issues.apache.org/jira/browse/TS-888
I had the same problem with Firefox. There is a patch in the bug report that fixed the issue for me.
Ben
-----Original Message-----
From: Kimmo Karlsson [mailto:kimmo.karlsson@rovio.com]
Sent: Friday, November 04, 2011 7:23 AM
To: users@trafficserver.apache.org
Subject: HTTPS connection timeout with Chrome
Hi All,
I have ATS as a reverse proxy with SSL termination. Otherwise everything works just fine, but when I connect to ATS with Chrome over HTTPS, I get a connection timeout on the first attempt. After clicking "reload" it works. (Plain HTTP also works fine.) I searched the web for Chrome -related HTTPS problems and found out about "SSL false start". I then started Chrome (v15) with "--disable-ssl-false-start" command-line parameter and got no connection timeouts. I got no timeouts on Firefox7 and IE9, either.
Has anybody else had similar problems? Is there some configuration option in ATS that I missed? Are there actually problems with SSL false start -support in ATS or is this something else?
I have compiled ATS-3.0.1 with OpenSSL-1.0.0d, but the system also has an older version of libssl, if that makes any difference.
Thanks,
-- Kimmo