Apologies for the delay, been a crazy few days. Thanks for the reply.
Looking at common code paths that lead to a 400 error, I'd imagine two possible scenarios: 1. Something is mangling the initial TLS hello, can you verify that the raw packet makes sense? 2. Worker exhaustion, given that you seem to be proxying requests, does this happen during particularly busy moments?
1 - That does seem like the most likely, however when we look at the pcaps the ClientHello looks indistinguishable from a successful handshake with the same client (excluding the random elements, ephemeral port etc) 2 - Interesting, I would expect worker exhaustion to log something along the lines of the MaxClients in the error log. Is there a form of exhaustion that wouldn't log?
There are too many variables to contend with here, especially with the upstream firewall potentially mangling things and the proxy and downstream server potentially killing a request early.
Agreed, however as its within the TLS handshake I don't see how the proxied server could have a bearing on it as the request physically hasn't providedenough information to the httpd instance to be able to proxy it yet etc; I'd
also expect that to log in the access log?
We think we've got it reproduced in a more controlled environment however
we need to confirm with traffic captures etc. Thanks, Rob -- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|