httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 46952] ssl renegotiation hangs with long ca list
Date Wed, 20 Jul 2011 16:29:58 GMT

--- Comment #22 from keven <> 2011-07-20 16:29:58 UTC ---
(In reply to comment #20)
> (In reply to comment #19)
> > I forgot: the fix for this specific issue is in 2.2.15.
> > 
> > If you are seeing reneg failures with 2.2.15 it is likely to be related to the
> > fixes for CVE-2009-3555.  Please contact in the first
> > instance for help diagnosing the issue.
> I am not able to get around this problem for Apache 2.2.17 (with openssl
> 0.9.8o) , 2.2.19 (with openssl 0.9.8r) and 2.2.19 (with openssl 1.0.0d) windows
> server for ios clients. Strangely the Linux server works fine but the windows
> version shows the same problem with ios clients (I am able to get it working
> for the desktop browsers, openssl -s_client and ios client with Apache on
> linux). Could there be some issue on ios client or somehow Apache on windows is
> not flushing data even though the openssl is forcing a flush?


I also have that problem under Windows Server 2003 (haven't been able to test
it on a different version/OS). I am currently with 2.2.17 (win32) and OpenSSL
0.9.8o and I will also test with latest stable versions.
You're talking about data flush? Is it something that can be done manually to
restore temporarily the services? I saw there was a patch release but it doesn't
seem to resolve the issue. This patch is included in 2.2.17 or higher?

FYI, here's the error I have in the apache logs.
[Fri Jun 03 13:46:45 2011] [info] Subsequent (No.100) HTTPS request received
for child 970 (server genesys:443)
[Fri Jun 03 13:46:45 2011] [debug] ssl_engine_io.c(1708): OpenSSL: I/O error, 5
bytes expected to read on BIO#108da8d8 [mem: 10514300]
[Fri Jun 03 13:46:45 2011] [info] (OS 10060)A connection attempt failed because
the connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to respond.  :
SSL input filter read failed.
[Fri Jun 03 13:46:45 2011] [debug] ssl_engine_kernel.c(1749): OpenSSL: Write:
SSL negotiation finished successfully
[Fri Jun 03 13:46:45 2011] [info] Connection to child 956 closed with standard
shutdown(server genesys:443, client

Thank you.
