You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Falk Hackenberger <ap...@spam.huckley.de> on 2017/02/23 10:39:39 UTC
[users@httpd] apache server send tlsv1.2 close notify after change cipher spec,
why?
Hello,
can help me sombody to understand why the apache webserver send sometimes a tlsv1.2 close notify without waiting for any application data
from the client?
The environment is a debian wheezy: apache2-mpm-prefork 2.2.22-13+deb7u7
I can not repeat this behavior. Any hints to debug this?
The behavior is:
client -> server TCP [SYN]
server -> client TCP [SYN, ACK]
client -> server TCP [ACK]
client -> server TLSv1.2 Client Hello
server -> client TCP [ACK]
server -> client TLSv1.2 Server Hello
server -> client TLSv1.2 Certificate
client -> server TCP [ACK]
client -> server TLSv1.2 Client Key Exchange, Change Cipher Spec, Finished
server -> client TLSv1.2 Change Cipher Spec, Finished
client -> server TCP [ACK]
server -> client TLSv1.2 125 Alert (Level: Warning, Description: Close Notify)
server -> client TCP [FIN, ACK]
client -> server TCP [ACK]
Regards,
Falk
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache server send tlsv1.2 close notify after
change cipher spec, why? (solved)
Posted by Falk Hackenberger <ap...@spam.huckley.de>.
Hello,
this is solved. The hint was, that there was a 20s delay between:
client -> server TCP [ACK]
server -> client TLSv1.2 125 Alert (Level: Warning, Description: Close
Notify)
So the client send no request for 20s after tls Change Cipher Spec and
mod_reqtimeout says goodbye to the client.
Regards,
Falk
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache server send tlsv1.2 close notify after
change cipher spec, why?
Posted by Yann Ylavic <yl...@gmail.com>.
On Thu, Feb 23, 2017 at 3:33 PM, Falk Hackenberger
<ap...@spam.huckley.de> wrote:
> Am 23.02.2017 um 15:01 schrieb Yann Ylavic:
>> Any TLS/SSL related entry in the error_log ?
> no.
I guess we need more info here...
Would you provide a "LogLevel trace8" log of the (reproduced) issue?
Privately if you wish and it's sensible information (though there
doesn't seem to be much data exchanged...).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache server send tlsv1.2 close notify after
change cipher spec, why?
Posted by Falk Hackenberger <ap...@spam.huckley.de>.
Am 23.02.2017 um 15:01 schrieb Yann Ylavic:
> Any TLS/SSL related entry in the error_log ?
no.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] apache server send tlsv1.2 close notify after
change cipher spec, why?
Posted by Yann Ylavic <yl...@gmail.com>.
Hi,
On Thu, Feb 23, 2017 at 11:39 AM, Falk Hackenberger
<ap...@spam.huckley.de> wrote:
>
> can help me sombody to understand why the apache webserver send sometimes a tlsv1.2 close notify without waiting for any application data
> from the client?
> The environment is a debian wheezy: apache2-mpm-prefork 2.2.22-13+deb7u7
> I can not repeat this behavior. Any hints to debug this?
Any TLS/SSL related entry in the error_log ?
Regards,
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org