httpd-users mailing list archives

From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: [users@httpd] Apache/2.0.40, mod_ssl unexplainable errors logged
Date Wed, 28 Aug 2002 14:47:21 GMT

You could run a tcpdump localhost and port 443 for a long period of time
and see what gives. Last time I had to dig into a thing like this, regular
nmap-like security sweeps were the issue.

Dw.

On Wed, 28 Aug 2002, jb2002@pc9.org wrote:

> Here is my setup (for www.pc-tools.net): Apache/2.0.40 (Unix)
> mod_ssl/2.0.40 OpenSSL/0.9.6g. Running on Linux 2.4 kernel.
>
> I am getting tons of these errors in apache's log file, sometimes
> separated by tens of minutes, other times separated by only a few
> seconds. I don't see any regularity (however I DID detect a correlation
> with non-SSL hits served, see below)
>
> [error] Spurious SSL handshake interrupt [Hint: Usually just one of those
> OpenSSL confusions!?]
>
> At first I thought this might be the result of people connecting to my
> SSL server. Then I found out that this is NOT the case. I firewalled off
> the https port so that nobody could reach my SSL server (the port 80
> server still gets plenty of traffic, however). For my remaining tests
> there was no SSL site access at all.
>
> Doing tail -f I can watch the errors continue to appear. One odd thing I
> noticed is that whenever the error appears, netstat shows this local
> connection on the server, with varying port (1924, 1936, 1949)
>
> tcp        0      0 localhost:1924          localhost:https
>
> There are no "special" programs running that could cause this local, other
> than httpd itself. Next time the error occurred, I got netstat to dump
> PID/Program name which turned out to be "-"
>
> 127.0.0.1:2259          127.0.0.1:443           TIME_WAIT   -
>
> There is no PID or program name reported. But whenever one of those
> "Spurious SSL handshake interrupt" messages appears, this localhost to
> localhost connection has taken place (cause, or effect?)
>
> So this leads me to believe that this error appears when a local
> connection originates from Apache back to itself. I hypothesize that when
> an httpd thread serves a number of requests and terminates/resets, this
> causes the error (when mod_ssl gets confused upon the reset). To test the
> hypothesis I dug into my logs.
>
> Over the period of 2 days (which isn't a lot of data points) I extracted
> the time stamp from each 'Spurious' error and the time stamp from each HTTP
> request served. I tabulated both based on hour of the day, and plotted the
> results. The results seem to suggest that the trend of the errors is
> related to the trend of general HTTP traffic, which might support the idea
> of the error being caused by threads dying/resetting and pissing off
> mod_ssl.
>
> So... what can I do to stop those "Spurious SSL handshake interrupt" errors
> from appearing? As I've shown, it IS NOT related to external SSL site
> traffic. Is this an Apache or mod_ssl bug? What is that self-initiated
> local https connection?
>
> Any help appreciated. Regards,
>
> Jem Berkes
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
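
The hour-of-day tabulation described in the quoted message, as an added example that is not part of the original thread: it counts "Spurious SSL handshake interrupt" error-log lines and access-log requests per hour and computes their Pearson correlation. The log lines are constructed samples, and the names `hourly` and `pearson` are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime
from math import sqrt

# Constructed sample log lines (not from the thread), in Apache 2.0's default
# error-log and common access-log formats.
HINT = "[Hint: Usually just one of those OpenSSL confusions!?]"
ERROR_LOG = f"""\
[Wed Aug 28 09:02:11 2002] [error] Spurious SSL handshake interrupt {HINT}
[Wed Aug 28 09:40:03 2002] [error] Spurious SSL handshake interrupt {HINT}
[Wed Aug 28 09:41:00 2002] [notice] unrelated line that must not be counted
[Wed Aug 28 14:15:30 2002] [error] Spurious SSL handshake interrupt {HINT}
"""
ACCESS_LOG = """\
192.0.2.10 - - [28/Aug/2002:09:01:58 -0500] "GET / HTTP/1.1" 200 5120
192.0.2.11 - - [28/Aug/2002:09:39:51 -0500] "GET /a.html HTTP/1.1" 200 812
192.0.2.10 - - [28/Aug/2002:09:55:02 -0500] "GET /b.html HTTP/1.0" 304 0
192.0.2.12 - - [28/Aug/2002:14:15:12 -0500] "GET / HTTP/1.1" 200 5120
192.0.2.13 - - [28/Aug/2002:14:48:40 -0500] "GET /c.png HTTP/1.1" 200 9001
192.0.2.14 - - [28/Aug/2002:20:05:19 -0500] "GET / HTTP/1.1" 200 5120
"""
ERR_RE = re.compile(r"^\[(\w{3} \w{3} [ \d]\d [\d:]{8} \d{4})\] \[error\] "
                    r"Spurious SSL handshake interrupt")
ERR_FMT = "%a %b %d %H:%M:%S %Y"
ACC_RE = re.compile(r"^\S+ \S+ \S+ \[(\d\d/\w{3}/\d{4}:[\d:]{8}) [+-]\d{4}\] ")
ACC_FMT = "%d/%b/%Y:%H:%M:%S"

def hourly(text, pattern, fmt):
    """Return 24 counts: matching log lines per local hour of the day."""
    counts = Counter()
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            counts[datetime.strptime(m.group(1), fmt).hour] += 1
    return [counts[h] for h in range(24)]

def pearson(xs, ys):
    """Pearson r of two equal-length series; None if either is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy) if vx and vy else None

if __name__ == "__main__":
    errs = hourly(ERROR_LOG, ERR_RE, ERR_FMT)
    hits = hourly(ACCESS_LOG, ACC_RE, ACC_FMT)
    print("errors/hour:", errs, "\nhits/hour:  ", hits)
    print("Pearson r:", pearson(errs, hits))
```

A high r only shows that the two series rise and fall together over the day; identifying what opens the localhost-to-443 connections still needs the packet capture suggested in the reply.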

