httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ashok Raja R <ash...@verismonetworks.com>
Subject Re: [users@httpd] apache2-2.2.3-16.18 https connection takes 30s
Date Tue, 13 Jan 2009 06:47:37 GMT
Thanks for your valuable time spent in answering me.



 >> Do you see the requests made over HTTPS appear in the access log?

I am able to see the HTTPS request in the access log.

 >> Is it possible that someone else has made a change to your machine
 >> configuration? For instance, a change to some firewall configuration?

It is not possible because only myself has access to the Server 
Configuration Change.


To Update on my Issue :
~~~~~~~~~~~~~~~~~~~~~~~

All of the sudden the https request is fine now. It is taking only 3s.
It looks very scary to me. Why suddenly it happened and how did it get 
resolved.

Now, I am very much scared about my service.

Is there anyway to trace the Issue.


Thanks for your Attention,
Regards,
Ashok Raja R

Michael Ludwig wrote:
> Ashok Raja R schrieb:
>> I am running a Apache 2.2.3-16.18 on a SUSE ES-10-SP2.
>>
>> Everything was fine till the time. But all of the sudden https
>> connection is taking too much time, approximately 30 seconds,
>> which is too much for the client.
> 
> Do you see the requests made over HTTPS appear in the access log?
> 
>> I have not done any changes to the apache configuration.
>> Everything was working fine.
> 
> Is it possible that someone else has made a change to your machine
> configuration? For instance, a change to some firewall configuration?
> 
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>>
>> Now what does this mean. Will it be still using /dev/random to get the
>> seed.
> 
> Neither /dev/random nor /dev/urandom, but, well, a builtin source.
> 
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrandomseed
> 
>> If this parameter is making the https slow, why all of the sudden it
>> happen.
> 
> What evidence is there that SSLRandomSeed is indeed the culprit?
> 
>> TCP Dump Out Put :::
>> #######################
>>
>> 19:32:51.302794 IP 61.95.200.164.49323 > 72.20.111.200.443: S
>> 1937083897:1937083897(0) win 5840 <mss 1460,sackOK,timestamp 333274101
>> 0,nop,wscale 2>
>> 19:32:51.302852 IP 72.20.111.200.443 > 61.95.200.164.49323: S
>> 2039907506:2039907506(0) ack 1937083898 win 5792 <mss
>> 1460,sackOK,timestamp 8006333 333274101,nop,wscale 2>
> 
> This looks like something is accepting connections here.
> 
>> [...]
>> 325:522(197) ack 2646 win 2908 <nop,nop,timestamp 333274342 8006496>
>> 19:32:52.302656 IP 72.20.111.200.443 > 61.95.200.164.49323: . ack 522
>> win 1984 <nop,nop,timestamp 8006583 333274342>
>>
>> Waits here for 25 second
>>
>> 19:33:17.323689 IP 72.20.111.200.443 > 61.95.200.164.49323: .
>> 2646:4094(1448) ack 522 win 1984 <nop,nop,timestamp 8012838 333274342>
> 
> Sorry, no idea. What's going on in that precise instant?
> 
> Michael Ludwig
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message