WG: Logging SSL Handshake Duration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sry, didnt answer to list..

Hi Osama,

thanks for your answer. I will look into your suggestion to handle my connection problems.

My first and main goal however is to be able to log the request more fine-grained to be able to identify the parts of the request that produce the problem, to further exclude other factors i have no control over and to be able to distinguish between application lags and other sources like in this case the connection startup. Also I want to be able to determine afterwards, whether such a fix as yours did the trick. I am using an ELK environment to analyse my data and i basically want an indexed field for the elapsed time after a handshake is finished as opposed to a overall responsetime from which I cannot determine, which part took way too long.

Thanks again and have a nice day Everyone!

Timo
Von: Osama Elnaggar [oelnaggar04@xxxxxxxxx]
Gesendet: Mittwoch, 15. November 2017 19:41
An: Timo Coutura; users@xxxxxxxxxxxxxxxx
Betreff: Re: Logging SSL Handshake Duration

Hi Timo,

>From what you described, your problem may be related to OCSP.  Have you tried OCSP stapling?

-- 
Osama Elnaggar

On November 15, 2017 at 9:26:29 PM, Timo Coutura (timo.coutura@xxxxxxxxxxxxxxxxxxxxxxx) wrote:


Hi Everyone,

I am looking for a way to determine the time spent on a SSL Handshake in an access log. So far i’ve discovered only env-vars and log formats (like %D) returning the overall time spent on a request. The background here is that i sometimes get requests which take up to 10 seconds, all of them being initial requests, so the handshake has to be done. The actual request to the application gets independently logged and does take some milliseconds.

I have enabled ssl logging on debug level but cannot specifically reproduce these kind of requests and parsing this debug log for time spent for the handshake is not an option on the very busy production server.

Are there any env-vars that provide more specific information on time spent in the different phases of a request?

Thank you very much in advance!

Best regards,
Timo
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux