Apache mod_ssl TLS channel dying in 5 seconds - how do I extend that timeout?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I'm an IIS admin and new to the list.
I've done the best I can with mod_ssl documentation, google, etc, and can't
find anyone else who's even experienced my problem, much less found a solution.
That, of course, makes me wonder whether I'm even understanding it correctly,
but I see it plain as day in my WireShark traces.
I've got a race condition with a slow
IIS server. The IIS server successfully TLS connects to my Apache server,
and sends an encrypted request. The Apache server responds successfully,
and the IIS server is usually happy and done. 5 seconds later, a TLS Rec
Layer-1 Encrypted Alert is transmitted by the Apache server and the TLS
conversation is terminated. Every now and again, though, the negotiation
is complicated by the IIS server when it submits a second or third encrypted
request through the existing, open TLS channel. 999 times in 1000 all these
negotiations are flawless.
1 time in 1000 the slow IIS server takes
exactly 5 seconds to decide to send an additional encrypted request (TLS
Application Data). When this happens, the encrypted request crosses the
TLS Rec Layer-1 Encrypted Alert on the wire, resulting in "The underlying
connection was closed: The connection was closed unexpectedly."
I don't see any directive in mod_ssl
that allows me to extend that 5 second conversation timeout. What am I
overlooking? I'm able to modify the SSLSessionCacheTimeout directive, but
that has no impact on the 5 second timeout around any particular conversation.
Has anyone else seen this kind of behavior?
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
