You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Lavoie,Alain [CMC]" <Al...@ec.gc.ca> on 2007/08/22 17:02:19 UTC
[users@httpd] Apache is slow with SSL
Hello,
I have a Debian etch with apache2-2.2.3-4 and openssl-0.9.8c-4
2 VirtualHosts are configured on this server, one regular on port 80 and
the other with SSL on port 443.
The 2 sites are almost the same except the one with SSL deals with
private informations.
When I request any pages on the regular site (port 80), the answer is
fast. However, when I do a request on the
SSL site, it's taking an average of 30sec to display the page. When I do
a tcpdump I can see an increase
of sync/ack, push traffics. This increase is around the double. I
created my certificate with this command:
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
and I have these 2 lines in my VH:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
I'm sure this slowness and the increase of traffic are not
normal. Can someone gives me some
advises to fix this problem.
Thanks!
Levoy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache is slow with SSL
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On 8/22/07, Lavoie,Alain [CMC] <Al...@ec.gc.ca> wrote:
> > When I request any pages on the regular site (port 80), the answer is
> > fast. However, when I do a request on the
> > SSL site, it's taking an average of 30sec to display the page. When I do
> > a tcpdump I can see an increase
> > of sync/ack, push traffics.
On 22.08.07 11:13, Joshua Slive wrote:
> More network exchanges with ssl would be perfectly normal, since the
> SSL layer needs to be setup before the HTTP transaction happens. But
> 30 seconds is absurdly long. The first place I would look is random
> number generation. Perhaps you need to check the setting of
> SSLRandomSeed.
maybe reading seed from /dev/urandom instead of /dev/random would help here.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache is slow with SSL
Posted by Joshua Slive <jo...@slive.ca>.
On 8/22/07, Lavoie,Alain [CMC] <Al...@ec.gc.ca> wrote:
> Hello,
>
> I have a Debian etch with apache2-2.2.3-4 and openssl-0.9.8c-4
> 2 VirtualHosts are configured on this server, one regular on port 80 and
> the other with SSL on port 443.
> The 2 sites are almost the same except the one with SSL deals with
> private informations.
> When I request any pages on the regular site (port 80), the answer is
> fast. However, when I do a request on the
> SSL site, it's taking an average of 30sec to display the page. When I do
> a tcpdump I can see an increase
> of sync/ack, push traffics. This increase is around the double. I
> created my certificate with this command:
> make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
> and I have these 2 lines in my VH:
> SSLEngine on
> SSLCertificateFile /etc/apache2/ssl/apache.pem
>
> I'm sure this slowness and the increase of traffic are not
> normal. Can someone gives me some
> advises to fix this problem.
I'm not an expert in this, but...
More network exchanges with ssl would be perfectly normal, since the
SSL layer needs to be setup before the HTTP transaction happens. But
30 seconds is absurdly long. The first place I would look is random
number generation. Perhaps you need to check the setting of
SSLRandomSeed.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org