OK - I tired a new setting in my mail client - let me know if this comes as
plain text.
Responses are in-line.
And here is new chain of thought:
After studying Ethereal traces taken during the problem, this problem
appears to occur anytime my browser attempts to re-use the SSL session ID.
I have attempted 2 things to try and work around - disabling SSLv3 in my
browser - the problem still occurs (see trace) and disabling SSL session
caching - also no luck.
I have noted that my server is creating the SSL cache file but it's not
creating the SSL mutex file.
Below are the Ethereal traces:
No. Time Source Destination Protocol
Info
- new ssl session key - it works
189 12.585475 10.129.149.250 204.151.176.150 TCP
1689 > https [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1260
190 12.586075 204.151.176.150 10.129.149.250 TCP
https > 1689 [SYN, ACK] Seq=0 Ack=1 Win=50400 Len=0 MSS=1460
191 12.586101 10.129.149.250 204.151.176.150 TCP
1689 > https [ACK] Seq=1 Ack=1 Win=64512 Len=0
192 12.609405 10.129.149.250 204.151.176.150 SSLv2
Client Hello
193 12.609945 204.151.176.150 10.129.149.250 TCP
https > 1689 [ACK] Seq=1 Ack=46 Win=50400 Len=0
194 12.610493 204.151.176.150 10.129.149.250 SSLv2
Server Hello
195 12.611325 10.129.149.250 204.151.176.150 SSLv2
Client Master Key
196 12.611846 204.151.176.150 10.129.149.250 TCP
https > 1689 [ACK] Seq=762 Ack=186 Win=50400 Len=0
199 12.636118 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data
200 12.636369 10.129.149.250 204.151.176.150 SSLv2
Encrypted Data
201 12.636960 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data
202 12.637632 10.129.149.250 204.151.176.150 SSLv2
Encrypted Data, [Unreassembled Packet]
203 12.637686 10.129.149.250 204.151.176.150 SSLv2
Encrypted Data, [Unreassembled Packet]
204 12.638546 204.151.176.150 10.129.149.250 TCP
https > 1689 [ACK] Seq=832 Ack=1769 Win=50400 Len=0
205 12.639477 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data
206 12.640166 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
207 12.640209 10.129.149.250 204.151.176.150 TCP
1689 > https [ACK] Seq=1769 Ack=2416 Win=64512 Len=0
208 12.640244 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
209 12.640351 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
210 12.640367 10.129.149.250 204.151.176.150 TCP
1689 > https [ACK] Seq=1769 Ack=4936 Win=64512 Len=0
262 17.493514 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
267 17.630522 10.129.149.250 204.151.176.150 TCP
1689 > https [ACK] Seq=1769 Ack=6196 Win=64512 Len=0
268 17.631444 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, Encrypted Data, [Unreassembled Packet]
269 17.631501 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
270 17.631524 10.129.149.250 204.151.176.150 TCP
1689 > https [ACK] Seq=1769 Ack=7596 Win=64512 Len=0
271 17.632893 10.129.149.250 204.151.176.150 TCP
1689 > https [FIN, ACK] Seq=1769 Ack=7596 Win=64512 Len=0
272 17.633372 204.151.176.150 10.129.149.250 TCP
https > 1689 [ACK] Seq=7596 Ack=1770 Win=50400 Len=0
- resuse ssl session key - does not work
430 21.122033 10.129.149.250 204.151.176.150 TCP
1690 > https [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1260
432 21.122548 204.151.176.150 10.129.149.250 TCP
https > 1690 [SYN, ACK] Seq=0 Ack=1 Win=50400 Len=0 MSS=1460
433 21.122565 10.129.149.250 204.151.176.150 TCP
1690 > https [ACK] Seq=1 Ack=1 Win=64512 Len=0
434 21.122999 10.129.149.250 204.151.176.150 SSLv2
Client Hello
435 21.123501 204.151.176.150 10.129.149.250 TCP
https > 1690 [ACK] Seq=1 Ack=62 Win=50400 Len=0
436 21.124812 204.151.176.150 10.129.149.250 TCP
https > 1690 [FIN, ACK] Seq=1 Ack=62 Win=50400 Len=0
437 21.124837 10.129.149.250 204.151.176.150 TCP
1690 > https [ACK] Seq=62 Ack=2 Win=64512 Len=0
438 21.124952 10.129.149.250 204.151.176.150 TCP
1690 > https [FIN, ACK] Seq=62 Ack=2 Win=64512 Len=0
439 21.125686 204.151.176.150 10.129.149.250 TCP
https > 1690 [ACK] Seq=2 Ack=63 Win=50400 Len=0
- new ssl session key - it works
440 21.126169 10.129.149.250 204.151.176.150 TCP
1691 > https [SYN] Seq=0 Ack=0 Win=64512 Len=0 MSS=1260
441 21.126715 204.151.176.150 10.129.149.250 TCP
https > 1691 [SYN, ACK] Seq=0 Ack=1 Win=50400 Len=0 MSS=1460
442 21.126733 10.129.149.250 204.151.176.150 TCP
1691 > https [ACK] Seq=1 Ack=1 Win=64512 Len=0
443 21.127044 10.129.149.250 204.151.176.150 SSLv2
Client Hello
444 21.127552 204.151.176.150 10.129.149.250 TCP
https > 1691 [ACK] Seq=1 Ack=46 Win=50400 Len=0
445 21.128681 204.151.176.150 10.129.149.250 SSLv2
Server Hello
446 21.129254 10.129.149.250 204.151.176.150 SSLv2
Client Master Key
447 21.129833 204.151.176.150 10.129.149.250 TCP
https > 1691 [ACK] Seq=762 Ack=186 Win=50400 Len=0
449 21.154045 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data
450 21.154309 10.129.149.250 204.151.176.150 SSLv2
Encrypted Data
451 21.154853 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data
452 21.156212 10.129.149.250 204.151.176.150 SSLv2
Encrypted Data, [Unreassembled Packet]
453 21.156271 10.129.149.250 204.151.176.150 SSLv2
Encrypted Data, [Unreassembled Packet]
454 21.157126 204.151.176.150 10.129.149.250 TCP
https > 1691 [ACK] Seq=832 Ack=1769 Win=50400 Len=0
455 21.158075 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data
456 21.158841 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
457 21.158885 10.129.149.250 204.151.176.150 TCP
1691 > https [ACK] Seq=1769 Ack=2416 Win=64512 Len=0
458 21.158919 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
459 21.159024 204.151.176.150 10.129.149.250 SSLv2
Encrypted Data, [Unreassembled Packet]
460 21.159040 10.129.149.250 204.151.176.150 TCP
1691 > https [ACK] Seq=1769 Ack=4936 Win=64512 Len=0
461 21.159272 204.151.176.150 10.129.149.250 TCP
[TCP Previous segment lost] https > 1691 [FIN, ACK] Seq=7595 Ack=1769
Win=50400 Len=0
462 21.159286 10.129.149.250 204.151.176.150 TCP
[TCP Dup ACK 460#1] 1691 > https [ACK] Seq=1769 Ack=4936 Win=64512 Len=0
SLE=2522522687 SRE=2522522688
661 26.013635 204.151.176.150 10.129.149.250 SSLv2
[TCP Retransmission] Encrypted Data, [Unreassembled Packet]
666 26.157727 10.129.149.250 204.151.176.150 TCP
1691 > https [ACK] Seq=1769 Ack=6196 Win=64512 Len=0 SLE=2522522687
SRE=2522522688
667 26.158646 204.151.176.150 10.129.149.250 SSLv2
[TCP Retransmission] Encrypted Data, [Unreassembled Packet]
668 26.158697 204.151.176.150 10.129.149.250 SSLv2
[TCP Retransmission] Encrypted Data, [Unreassembled Packet]
669 26.158716 10.129.149.250 204.151.176.150 TCP
1691 > https [ACK] Seq=1769 Ack=7596 Win=64512 Len=0 SLE=2522522687
SRE=2522522688
670 26.159292 10.129.149.250 204.151.176.150 TCP
1691 > https [FIN, ACK] Seq=1769 Ack=7596 Win=64512 Len=0
671 26.159765 204.151.176.150 10.129.149.250 TCP
https > 1691 [ACK] Seq=7596 Ack=1770 Win=50400 Len=0
>From the frist session - no session key is passed:
No. Time Source Destination Protocol
Info
192 12.609405 10.129.149.250 204.151.176.150 SSLv2
Client Hello
Frame 192 (99 bytes on wire, 99 bytes captured)
Ethernet II, Src: 00:08:02:da:21:42, Dst: 00:00:0c:07:ac:00
Internet Protocol, Src Addr: 10.129.149.250 (10.129.149.250), Dst Addr:
204.151.176.150 (204.151.176.150)
Transmission Control Protocol, Src Port: 1689 (1689), Dst Port: https
(443), Seq: 1, Ack: 1, Len: 45
Secure Socket Layer
SSLv2 Record Layer: Client Hello
Length: 43
Handshake Message Type: Client Hello (1)
Version: SSL 2.0 (0x0002)
Cipher Spec Length: 18
Session ID Length: 0
Challenge Length: 16
Cipher Specs (6 specs)
Challenge
>From the 2nd session - session key is passed:
No. Time Source Destination Protocol
Info
434 21.122999 10.129.149.250 204.151.176.150 SSLv2
Client Hello
Frame 434 (115 bytes on wire, 115 bytes captured)
Ethernet II, Src: 00:08:02:da:21:42, Dst: 00:00:0c:07:ac:00
Internet Protocol, Src Addr: 10.129.149.250 (10.129.149.250), Dst Addr:
204.151.176.150 (204.151.176.150)
Transmission Control Protocol, Src Port: 1690 (1690), Dst Port: https
(443), Seq: 1, Ack: 1, Len: 61
Secure Socket Layer
SSLv2 Record Layer: Client Hello
Length: 59
Handshake Message Type: Client Hello (1)
Version: SSL 2.0 (0x0002)
Cipher Spec Length: 18
Session ID Length: 16
Challenge Length: 16
Cipher Specs (6 specs)
Session ID (16 bytes)
Challenge
Thank you.
Chuck Borton
JPMorgan Chase & Co.
Global Network Engineering
Office: 614-213-8757
Cell: 614-477-4334
Pager: 6144774334@xxxxxxxxxxxxxx
|---------+---------------------------->
| | "Boyle Owen" |
| | <Owen.Boyle@xxxxx|
| | om> |
| | |
| | 06/13/2005 03:27 |
| | AM |
| | Please respond to|
| | users |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
| |
| To: <users@xxxxxxxxxxxxxxxx> |
| cc: |
| Subject: RE: [users@httpd] Fw: signal Bus error with apache Apache/2.0.54 with SSL pages |
>------------------------------------------------------------------------------------------------------------------------------|
You must've missed my earlier plea for plain text... I can't inline quote
HTML mail.
Did you cross reference the errors to the access log and find they were
caused by requests for GIFs? - Yes - the cross reference links mostly to
gif files but some times html pages or javascript files.
How are the GIFs obtained - from a file on a local disk or by some magic
(DB access, generation by a script or external application, proxy from
another server etc)? - The gifs are on the local disk with no magic.
Can you reproduce the errors by requesting individual GIFs directly? - Yes.
I can reproduce the errors at will.
What is your OS - were there any trauma during compilation? - The os is -
SunOS ino0s093 5.9 Generic_117171-17 sun4u sparc SUNW,Sun-Fire-280R - there
were no issues during the compile.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
-----Original Message-----
From: charles_e_borton@xxxxxxxxxxx [mailto:charles_e_borton@xxxxxxxxxxx]
Sent: Samstag, 11. Juni 2005 06:00
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] Fw: signal Bus error with apache Apache/2.0.54
with SSL pages
Boyle,
Thanks for the info.
When I upgraded to 2.0, I did clean compile and installed into a new
directory. Based upon your comments, I checked by startup script to verify
that I'm not referring to any old libraries. All references are to apache
2 directories.
The problem I'm experiencing (around 60% of all SSL pages but not normal
pages) is occurring on straight html pages with gif images. For example,
if I load a page with 10 gif images, I may get success on 4 images and
failure and bus errors on 6. Usually by the 3rd refresh, I get all of the
images. It's not restricted to just images. Sometimes, a straight html
page or javascript file will fail with the same bus error.
Any other suggestions?
One question I have - what is the minimum version of openssl that is
required with apache 2.0? I have - openssl-0.9.6l.
Thank you.
Chuck Borton
JPMorgan Chase & Co.
Global Network Engineering
Office: 614-213-8757
Cell: 614-477-4334
Pager: 6144774334@xxxxxxxxxxxxxx
Charles E Borton "Boyle Owen" <Owen.Boyle@xxxxxxx>
06/09/2005 05:08 AM
Please respond to users
To: <users@xxxxxxxxxxxxxxxx>
cc:
Subject: RE: [users@httpd] Fw: signal Bus error with apache
Apache/2.0.54 with SSL pages
Plain text please...
To recap, you upgraded from 1.3 to 2 and now you get occassional bus
errors.
My guess is that certain requests are triggering a call to a function in an
extension module or library and that the module was compiled for 1.3 and is
not compatible with apache 2.
To find the request, cross reference, using the timestamp, the error log
with the access log. That will tell you what module is being accessed. Then
recompile it for apache 2.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
-----Original Message-----
From: charles_e_borton@xxxxxxxxxxx [mailto:charles_e_borton@xxxxxxxxxxx]
Sent: Mittwoch, 8. Juni 2005 18:50
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] Fw: signal Bus error with apache Apache/2.0.54 with
SSL pages
All,
My apologies. I forgot to include the error message:
[Wed Jun 08 11:11:37 2005] [notice] child pid 14430 exit signal Bus error
(10)
Thank you.
Chuck Borton
JPMorgan Chase & Co.
Global Network Engineering
Office: 614-213-8757
Cell: 614-477-4334
Pager: 6144774334@xxxxxxxxxxxxxx
----- Forwarded by Charles E Borton/OH/ONE on 06/08/2005 12:45 PM -----
Charles E Borton Charles E Borton
06/08/2005 11:33 AM
To: users@xxxxxxxxxxxxxxxx
cc:
Subject: signal Bus error with apache Apache/2.0.54 with SSL
pages
Hi,
I have recently upgraded to 2.0.54 from 1.3.29.
In my new install, when users try to access the HTTPs portion of my site,
they get some (around 605) broken links (often on images but sometime on
whole pages).
The broken links map to errors in the error log that look like this:
Has anyone seen this before?
Thank you.
Chuck Borton
JPMorgan Chase & Co.
Global Network Engineering
Office: 614-213-8757
Cell: 614-477-4334
Pager: 6144774334@xxxxxxxxxxxxxx
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you.
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of
a private and personal nature. It is not related to the exchange or
business activities of the SWX Group. Le présent e-mail est un message
privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the sender
is authorised to state them to be the views of the sender's company.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|