httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: mod_ssl and slow first connection
Date Fri, 12 Sep 2003 15:09:50 GMT
At 02:46 AM 9/12/2003, Apache-Mailing wrote:
>Hi,
>
>i did test with openssl 0.9.6 and openssl 0.9.7 and it's the same
>behaviour, but i found what was wrong.
>
>If IE or Netscape are accepting both sslv2 and sslv3, and the mod_ssl is
>setup with SSLProtocol ALL, it take long time before the popup show up.
>
>If you force to SSLv3 or SSLv2 with mod_ssl, the popup show up
>immediatly.

It sounds like the negotiation code in OpenSSL is looking for a block 
of bytes longer with a longer initiation list than the client provides for
an SSLv3 or SSLv2 handshake.

This means, since they weren't stacked in the best order, that OpenSSL
can only finish handshaking after the client times out to Apache.

>I think i had a problem with the couple cipher/protocol too.

If you want to help the OpenSSL team fix this, you might use a very
limited list of one additional protocol plus SSLv2 or SSLv3.

Then see which combination of two ciphers causes everything to choke
waiting for the timeout.

Bill


>Le jeu 11/09/2003 à 18:51, William A. Rowe, Jr. a écrit :
>> At 05:20 AM 9/11/2003, Apache-Mailing wrote:
>> >Hi,
>> >
>> >I am actually doing bench on ssl and apache 2.0.47
>> >I can notice that the first connection is slow and the popup about the
>> >server certificate take time (~40sec) to show up.
>> 
>> Matthieu, which version of OpenSSL are you building with?
>> 
>> Bill



Mime
View raw message