[peruser] SSLSessionCache not working
Janno Sannik
janno at kood.ee
Fri May 30 04:58:34 MDT 2008
There seems to be some problem accessing SSL session cache. As long as
keepalive is holding the child everything is ok, but if keepalive period
ends and client reconnects then it needs to redo all SSL authentication.
That probably explains also why SSL based pages were very slow then many
images was on one page. Keepalive just worked around the problem.
This thing get's really annoying if user has smart card to authenticate
itself: firefox will keep asking certificate every time keepalive dies.
Has anybody experienced similar effect?
Apache error.log
[Fri May 30 11:36:37 2008] [warn] (13)Permission denied: Failed to
acquire SSL session cache lock
[Fri May 30 11:36:37 2008] [warn] (13)Permission denied: Failed to
release SSL session cache lock
[Fri May 30 11:36:40 2008] [warn] (13)Permission denied: Failed to
acquire SSL session cache lock
[Fri May 30 11:36:40 2008] [warn] (13)Permission denied: Failed to
release SSL session cache lock
Session cache conf part:
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
folder permissions are very loose for testing purposes.
mutex default was set.
server-status shows sessions, but seems like peruser just don't get to
read them thus every time creates a new one (status seems to show
sessions, so peruser has atleast some access to shm )
--
Janno Sannik
DataCode OÜ
More information about the Peruser
mailing list