It appears that the Apache 2.2.13 connection timeout (ttl) does not work.

My client is using an Apache 2.2.13 reverse proxy to perform encryption, compression and persistent connections with a remote site.
Every couple minutes, the following error appears in the log:

[Tue Nov 10 10:47:52 2009] [error] [client 77.77.77.77] (70014)End of file found: proxy: error reading status line from remote server the.remote.site
[Tue Nov 10 10:47:52 2009] [error] [client 77.77.77.77] proxy: Error reading from remote server returned by /xyz/OTAReceiver/OTA2006BServlet

When this happens, we always find that immediately before, an SSL connection to the server has been reused after approx. 17s idle time and received a TLS alert response:

No. Time Source Destination Proto Info
15214 10:47:34.689062 11.11.11.11 22.22.22.22 TCP 36334> https [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=562485006 TSER=0 WS=7
15216 10:47:34.705996 22.22.22.22 11.11.11.11 TCP https> 36334 [SYN, ACK] Seq=0 Ack=1 Win=1460 Len=0 MSS=1380 TSV=3321829791 TSER=562485006 WS=2
15217 10:47:34.706009 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=562485022 TSER=3321829791
15218 10:47:34.706277 11.11.11.11 22.22.22.22 SSLv2 Client Hello
15219 10:47:34.721988 22.22.22.22 11.11.11.11 TCP https> 36334 [ACK] Seq=1 Ack=103 Win=5792 Len=0 TSV=3321829807 TSER=562485022
15220 10:47:34.724340 22.22.22.22 11.11.11.11 TLSv1 Server Hello,
15221 10:47:34.724352 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=103 Ack=1369 Win=8576 Len=0 TSV=562485039 TSER=3321829807
15222 10:47:34.724382 22.22.22.22 11.11.11.11 TLSv1 Certificate, Server Hello Done
15223 10:47:34.724392 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=103 Ack=2570 Win=11392 Len=0 TSV=562485039 TSER=3321829808
15224 10:47:34.725315 11.11.11.11 22.22.22.22 TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
15225 10:47:34.747365 22.22.22.22 11.11.11.11 TLSv1 Change Cipher Spec, Encrypted Handshake Message
15226 10:47:34.747544 11.11.11.11 22.22.22.22 TLSv1 Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data,
15227 10:47:34.747606 11.11.11.11 22.22.22.22 TLSv1 Application Data
15228 10:47:34.764500 22.22.22.22 11.11.11.11 TCP https> 36334 [ACK] Seq=2617 Ack=2030 Win=8528 Len=0 TSV=3321829850 TSER=562485062
15524 10:47:35.257230 22.22.22.22 11.11.11.11 TLSv1 Application Data
15628 10:47:35.298932 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=2030 Ack=3292 Win=14080 Len=0 TSV=562485590 TSER=3321830342
15717 10:47:35.686996 11.11.11.11 22.22.22.22 TLSv1 Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data,
15718 10:47:35.687017 11.11.11.11 22.22.22.22 TLSv1 Application Data
15719 10:47:35.704841 22.22.22.22 11.11.11.11 TCP https> 36334 [ACK] Seq=3292 Ack=4185 Win=14000 Len=0 TSV=3321830790 TSER=562485960
15720 10:47:35.769064 22.22.22.22 11.11.11.11 TCP [TCP segment of a reassembled PDU]
15721 10:47:35.769078 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=4185 Ack=4660 Win=16896 Len=0 TSV=562486038 TSER=3321830853
15722 10:47:35.769064 22.22.22.22 11.11.11.11 TLSv1 Application Data
15723 10:47:35.769108 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=4185 Ack=5303 Win=19584 Len=0 TSV=562486038 TSER=3321830853
20022 10:47:52.214289 11.11.11.11 22.22.22.22 TLSv1 Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data, Application Data,
20023 10:47:52.214307 11.11.11.11 22.22.22.22 TLSv1 Application Data
20024 10:47:52.228603 22.22.22.22 11.11.11.11 TLSv1 Encrypted Alert
20025 10:47:52.228625 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=6064 Ack=5330 Win=19584 Len=0 TSV=562501752 TSER=3321847315
20026 10:47:52.228605 22.22.22.22 11.11.11.11 TCP https> 36334 [FIN, ACK] Seq=5330 Ack=4185 Win=14000 Len=0 TSV=3321847315 TSER=562486038
20027 10:47:52.228999 11.11.11.11 22.22.22.22 TCP 36334> https [FIN, ACK] Seq=6064 Ack=5331 Win=19584 Len=0 TSV=562501752 TSER=3321847315
20030 10:47:52.244608 22.22.22.22 11.11.11.11 TCP https> 36334 [RST] Seq=5331 Win=0 Len=0

Note the idle time from 10:47:35 to 10:47:52. At 10:47:35, the remote side (22.22.22.22) has sent us some data, which our side (11.11.11.11) has ACKed. At 10:47:52, Apache tries to reuse the connection to send a new request (Application Data), which results in the "TLSV1 Encrypted Alert".

However, we think that we have told the server to drop idle connections after 10s, so that it should not try to reuse a connection after 17s idle time (config below). What could be the problem here?

Regards,

Oliver Schoett

---------- proxy.conf ----------
ProxyRequests Off
ProxyVia On
RequestHeader set Accept-Encoding "gzip"
SetOutputFilter INFLATE
Header unset Content-Encoding
ProxyPass /xyz/OTAReceiver https://the.remote.site/xyz/OTAReceiver smax=0 ttl=10 retry=0
ProxyPassReverse /xyz/OTAReceiver https://the.remote.site/xyz/OTAReceiver
ProxyStatus On
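
Added example, not part of the original post: a small Python check that scans a packet summary in the layout shown above for the pattern described, i.e. the proxy sending Application Data after more than ttl seconds of silence and the backend answering with an alert, FIN or RST. The function names, the lookahead window and the sample lines are assumptions made for illustration, and the input is assumed to be filtered to a single TCP connection.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the capture above (TCP option fields
# trimmed); it is assumed to be filtered to a single TCP connection.
SAMPLE = """\
15722 10:47:35.769064 22.22.22.22 11.11.11.11 TLSv1 Application Data
15723 10:47:35.769108 11.11.11.11 22.22.22.22 TCP 36334> https [ACK] Seq=4185 Ack=5303 Win=19584 Len=0
20022 10:47:52.214289 11.11.11.11 22.22.22.22 TLSv1 Application Data, Application Data
20024 10:47:52.228603 22.22.22.22 11.11.11.11 TLSv1 Encrypted Alert
20026 10:47:52.228605 22.22.22.22 11.11.11.11 TCP https> 36334 [FIN, ACK] Seq=5330 Ack=4185 Win=14000 Len=0
"""

ROW = re.compile(r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
TEARDOWN = ("Encrypted Alert", "FIN", "RST")

def parse(text):
    """Turn 'No. Time Source Destination Proto Info' lines into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or wrapped continuation
        no, ts, src, _dst, proto, info = m.groups()
        rows.append({"no": int(no), "t": datetime.strptime(ts, "%H:%M:%S.%f"),
                     "src": src, "proto": proto, "info": info})
    return rows

def stale_reuse(rows, proxy_ip, ttl, lookahead=5):
    """Find requests the proxy sent after more than ttl seconds of silence.

    Returns (packet_no, idle_seconds, rejected) tuples; rejected is True when
    the peer answers within `lookahead` packets with an alert, FIN or RST.
    Timestamps carry no date, so a capture spanning midnight is not handled.
    """
    findings = []
    for i in range(1, len(rows)):
        cur = rows[i]
        idle = (cur["t"] - rows[i - 1]["t"]).total_seconds()
        if idle <= ttl or cur["src"] != proxy_ip or "Application Data" not in cur["info"]:
            continue
        rejected = any(r["src"] != proxy_ip and any(k in r["info"] for k in TEARDOWN)
                       for r in rows[i + 1:i + 1 + lookahead])
        findings.append((cur["no"], round(idle, 3), rejected))
    return findings

if __name__ == "__main__":
    for no, idle, rejected in stale_reuse(parse(SAMPLE), "11.11.11.11", ttl=10):
        print(f"packet {no}: reused after {idle}s idle, rejected by peer: {rejected}")
```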