httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregg L. Smith" <>
Subject Re: SSL and windows with AcceptFilter https none
Date Tue, 17 Jan 2012 20:06:27 GMT
On 1/17/2012 11:25 AM, Steffen wrote:
> It is line with our reports. Thanks, and this confirms again there is some broken serious.
> For me a showstopper 2.4, tons of win users going to deal with this.
> Work around is to use 2.2.21 SSL-only and minimal config in front of 2.4.
Another possible workaround.

Not to set the AcceptFilter to none for https and reduce the 
|MaxConnectionsPerChild so the server respawns new child processes more 
often. This should have the same effect (if you can get the number 
right) to scheduling a graceful restart every N minutes/hours|.  I had 
done the latter (scheduling graceful restarts) to keep Apache answering 
when the AcceptFilter for both http & https were broken since I would 
get the AcceptEx errors and eventually server would not respond.

I second the Thanks to Daniel for taking the time to test this and give 
his opinion on the matter.



> Op 17 jan. 2012 om 15:37 heeft Daniel Ruggeri<>  het volgende
>> All;
>>    I have submitted PR 52476 to track and document this bug. I've
>> uploaded the logs from my tests where I was able to duplicate the problem.
>>    Initially I was just setting up my testbed and hitting to
>> make sure the small LWP script can duplicate the problem and help track
>> it down... it was trival to reproduce the bug on this Winsows 7 x64
>> installation. Since I was able to reproduce quickly, I never got past
>> testing on local IP's, though this should suffice since it's technically
>> running through the TCP stack just as well.
>>    I was able to reproduce inconsistently in Firefox 8.0.1 and IE 8
>> after enabling AcceptFilter https none. I was able to consistently
>> reproduce the error with openssl-based clients (LWP and openssl
>> s_client). The common error across all clients is a complaint with the
>> ClientHello message. I was not able to find a failure where partial
>> content was served - it was all or nothing for me at an SSL connection
>> level.
>>    I don't have the expertise to dig into this one, but since several
>> folks have been unable to reproduce the problem, I'll be happy to serve
>> as a testing ground.
>> -- 
>> Daniel Ruggeri

View raw message