Walter, Oliver (BR/ICA5) wrote: i am no expert, but maybe you could post a snippet of your ssl.conf ?on windows we experimented a lot with the ssl caching schemes which had a great influence on ssl performance. also the keepalive setting is important
have you actually measured/debugged ssl-handshake with openssl? something like : $ openssl s_time -connect IP-address:443/somepath -time 60 or maybe it's just something with a very deep certificate ca chain ? or ... ./allan
Hello list, we have serious performance issues running apache 1.3.26 with ssl. Maybe someone here has a hint we can do. We are running a cluster with 2 HP DL380 with Dual CPU an 512 MB Ram. The operating system is Debian Linux with Linux Virtual Server module ip_vs_wrr on Port 80. HTTPS request are processed only on one node. We use the server in 3 ways: 1. reverse proxy for several application server2. with mod_caucho for the jsp delivery 3. webserver for static contentThe server load is mostly around 1 - 1.5. The server is not swapping. 18:39:59 up 201 days, 23:07, 2 users, load average: 0.74, 0.57, 0.66 86 processes: 83 sleeping, 2 running, 1 zombie, 0 stopped CPU states: 16.9% user, 27.8% system, 0.0% nice, 55.3% idle Mem: 517304K total, 468792K used, 48512K free, 184156K buffers Swap: 4048992K total, 1576K used, 4047416K free, 120996K cachedWe found out, that we have a lot of connection in close_wait state the several backend systems (mod_caucho -> resin).netstat | grep CLOSE_WAIT ...tcp 1 0 bridge15:3157 bridge28:6803 CLOSE_WAIT tcp 1 0 bridge15:1912 bridge28:6803 CLOSE_WAIT netstat | grep CLOSE_WAIT | wc -l 1340 If they get to high (~4000), apache isn´t able to process any request anymore (error_log):[Tue Sep 20 15:15:10 2005] [error] [client xx.xx.xx.xx] (11)Resource temporarily unavailable: proxy connect to xxx.xxx.xxx.xxx port 80 failedor[Tue Sep 20 15:07:20 2005] [error] [client xx.xx.xx.xx] (111)Connection refused: proxy connect to xxx.xxx.xxx.xxx port 80 failedWe also can find a lot of the follwing error in the log:[Tue Sep 20 15:03:34 2005] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)[Tue Sep 20 15:03:34 2005] [error] System: Connection reset by peer (errno: 104) I think too much for canceled browser actions.We already changed the value for timeout_closewait from 60 to 30, which reduced the above mentioned connections, but did not achive any performance increase. The only thing was, that the proxy errors stopped.HTTPS request are still very poor, even if almost nobody is browsing our website. Any ideas what the problem could be, or where we can take another look? Best regards Oliver Walter (BR/ICA5) Zentrale Informationsverarbeitung Bosch Rexroth AG The Drive & Control Company Sandweg 45 D-97737 Gemünden-Langenprozelten phone: +49(0)9352-18-3977 fax: +49(0)9352-18-3985 mailto:oliver.walter@xxxxxxxxxxxxxxx http://www.boschrexroth.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx