httpd-dev mailing list archives

From "TAYLOR, TIM (CONTRACTOR)" <TIM.TAY...@DFAS.MIL>
Subject SSL re-inits and re-negotiations
Date Fri, 17 Dec 2004 21:06:36 GMT
I notice in my SSL Error log (with Debug on) that upon startup, initialization seems to happen twice.

[Fri Dec 17 13:57:53 2004] [info] Loading certificate & private key of SSL-aware server
[Fri Dec 17 13:57:53 2004] [info] Init: Requesting pass phrase via builtin terminal dialog
[Fri Dec 17 13:58:02 2004] [debug] ssl_engine_pphrase.c(474): encrypted RSA private key - pass phrase requested
[Fri Dec 17 13:58:03 2004] [info] Configuring server for SSL protocol
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(404): Creating new SSL context (protocols: SSLv3, TLSv1)
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(521): Configuring client authentication
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(536): Configuring certificateRequest message
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(1080): CA certificate: ...
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(587): Configuring permitted SSL ciphers [RSA:...
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(612): Configuring certificate revocation facility
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(715): Configuring RSA server certificate
[Fri Dec 17 13:58:03 2004] [debug] ssl_engine_init.c(754): Configuring RSA server private key
[Fri Dec 17 13:58:03 2004] [info] Loading certificate & private key of SSL-aware server
[Fri Dec 17 13:58:03 2004] [info] host.domain.name reusing existing RSA private key on restart
[Fri Dec 17 13:58:05 2004] [info] Configuring server for SSL protocol
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(404): Creating new SSL context (protocols: SSLv3, TLSv1)
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(521): Configuring client authentication
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(536): Configuring certificateRequest message
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(1080): CA certificate: /...
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(587): Configuring permitted SSL ciphers [RSA:...
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(612): Configuring certificate revocation facility
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(715): Configuring RSA server certificate
[Fri Dec 17 13:58:05 2004] [debug] ssl_engine_init.c(754): Configuring RSA server private key

Questions:
Why is this?

I noticed a similar situation for a single request. I get two complete handshakes? 

I initially thought it was because both my base server and virtual host needed an SSL context.
However, I dropped use of my vhosts and I still get the same behavior.

I am just curious. No problems. I have seen the for loop in ssl_engine_init.c [ssl_init_Module()] that seems to traverse a linked list of server_rec next->pointers. If all I have is a base server config, why the duplication of initialization and handshakes?

regards,
tt
317-510-5987
