firefox 2 (but not 1.5) hangs with https - modssl

This is a discussion on firefox 2 (but not 1.5) hangs with https - modssl ; I've been banging my head for a day or so on this. We have a website and when I surf it with firefox 2.0, I see a bunch of requests, then a large gap when nothing happens, then another bunch ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: firefox 2 (but not 1.5) hangs with https

  1. firefox 2 (but not 1.5) hangs with https

    I've been banging my head for a day or so on this. We have a website
    and when I surf it with firefox 2.0, I see a bunch of requests, then a
    large gap when nothing happens, then another bunch of request, then a
    gap. I can't think what different on this setup as to why I can't see
    other people reporting the same thing. We only noticed it recently,
    although that's not to say that it wasn't there before. I've gone
    through all the FAQs and google searches I can think of

    This worked okay on firefox 1.5 (1.5.dfsg+1.5.0.7-2 from debian), but
    we've also seen this behaviour on MSIE (7.0 I think).

    The gaps are as long as KeepAliveTimeout is set to in apache.conf
    (15sec normally) if I change it to 5 seconds then the gaps also drop to
    5 seconds. The file in question is always a flash (.swf) file, the
    request times I see are like this:

    17:22:28
    17:22:29
    17:22:30
    17:22:31
    17:22:46
    17:23:01
    17:23:16
    (every 15secs until page is loaded)

    The server is Debian stable, completely up to date, I've tried
    everything I can find:

    - SSLRandomSeed was set to urandom (startup) and builtin (connect)
    I've tried setting this to both urandom and builtin across the board

    - I've changed the Sessioncache from dbm to shmcb, shmht, none

    - I've removed some external URLs which were occuring and that's not
    helped at all either.

    - I've tried matching the User-Agent and turning off keepalive, all
    three shutdowns, etc.

    Apache - /2.0.54
    openssl - 0.9.7e-3sarge4

    With info level debugging I'm seeing this:
    [Thu Nov 30 10:16:22 2006] [info] (70007)The timeout specified has
    expired: SSL input filter read failed. (lots!)
    .....
    [Thu Nov 30 17:22:31 2006] [info] (104)Connection reset by peer:
    core_output_filter: writing data to the network
    [Thu Nov 30 17:22:31 2006] [info] (104)Connection reset by peer: SSL
    output filter write failed.
    [Thu Nov 30 17:22:32 2006] [info] (104)Connection reset by peer:
    core_output_filter: writing data to the network
    [Thu Nov 30 17:22:32 2006] [info] (104)Connection reset by peer: SSL
    output filter write failed.
    [Thu Nov 30 17:22:42 2006] [info] (70014)End of file found: SSL input
    filter read failed.

    Other message which might explain things are:
    [Thu Nov 30 17:22:31 2006] [info] Connection to child 1 established
    (server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 17:23:23 2006] [info] Connection to child 1 established
    (server staging.truphone.com:443, client 84.65.175.231)

    (no messages about it being shutdown in the middle - done silently in
    those error messages?)

    One last log which is probably a little clearer. I've turned off
    keepalive, pipelining, set all requests to 1 on the browser:

    [Thu Nov 30 18:29:19 2006] [info] Connection to child 6 established
    (server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
    [Thu Nov 30 18:29:19 2006] [info] Connection to child 6 closed with
    standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:19 2006] [info] Connection to child 3 established
    (server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:19 2006] [info] Seeding PRNG with 512 bytes of entropy
    [Thu Nov 30 18:29:20 2006] [info] Connection to child 3 closed with
    standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:20 2006] [info] Connection to child 8 established
    (server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:20 2006] [info] Seeding PRNG with 512 bytes of entropy
    << now the browser sits waiting, no network traffic >>
    [Thu Nov 30 18:29:35 2006] [info] Connection to child 8 closed with
    standard shutdown(server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:35 2006] [info] Connection to child 1 established
    (server staging.truphone.com:443, client 81.5.177.202)
    [Thu Nov 30 18:29:35 2006] [info] Seeding PRNG with 512 bytes of entropy
    << data is transferred, then waiting browser, no traffic >>
    [Thu Nov 30 18:29:50 2006] [info] Connection to child 1 closed with
    standard shutdown(server staging.truphone.com:443, client 81.5.177.202)

    So the session seems to be used, but instead of being reused, the
    browser sits there, eventually the server kills the session and the
    browser then continues..

    Is there a way I can sniff the TLS/SSL traffic? I've tried ssldump
    but it looks like it only works with certain ciphers.

    Any suggestion as to other things to try would be most appeciated!

    Many thanks,

    Adrian
    --
    Adrian Bridgett - adrian@smop.co.uk
    GPG key available on public key servers
    __________________________________________________ ____________________
    Apache Interface to OpenSSL (mod_ssl) www.modssl.org
    User Support Mailing List modssl-users@modssl.org
    Automated List Manager majordomo@modssl.org

  2. Re: firefox 2 (but not 1.5) hangs with https

    Hi,

    Any progress with this thing? It seems that I have the same problem with firefox 3.6.3 (2.0 and older). I've checked firefox 1.5 - works fine.
    I have an applcation that uses adobe reader plugin for viewing pdfs. Pdfs are served by Apache + SSL. During pdf loading browser has a time delay (3-14 seconds). I've watched apache logs, it becomes after starting handshaking. Very strange behavour.

    Hope, you have some information that can be usefull.

    Thank's,
    Semyon

+ Reply to Thread