On Thursday 05 February 2004 10:18, Rainer Traut wrote:
> We are using squid 2.5 S4 and also tried v3, OS is Redhat EL ES3,
> clients are always IE6 and IE5.5.
> Squid is the gateway to a small transfer net to firewall and then to DMZ
> and internet.
> Firewall has changed from Checkpoint FW1 to an iptables firewall, but no
> change in behaviour.
>
> I can login to Domino server fine but after some views and klicking too
> fast in our web application IE comes to a standstill, the domino server
> is blocked, there is no http or https traffic to the domino server.
> Nobody can work anymore!
>
> Exactly if I close my IE all works normal, http and https runs fine.
> This happens *only* if I use squid, when I go directly this never
> happens, all is fine.
>
> Here is my observation:
>
> There are many tcp connections from my client to squid in state
> 'connected' (around 20 to 30)
> and there are many connections from squid to domino server in state
> 'connected' (again around 20 to 30)
>
> Output of the domino http task:
> 05.02.2004 08:45:14 Http Worker Thread ID [44012]: Working session
> [4014]: Session State [SSL Handshake] :
> 05.02.2004 08:45:14 Http Worker Thread ID [48013]: Working session
> [3fed]: Session State [SSL Handshake] :
> 05.02.2004 08:45:14 Http Worker Thread ID [4c014]: Working session
> [3fee]: Session State [SSL Handshake] :
> 05.02.2004 08:45:14 Http Worker Thread ID [50015]: Working session
> [3fef]: Session State [SSL Handshake] :
> 05.02.2004 08:45:14 Http Worker Thread ID [54016]: Working session
> ... cut here
> as many http worker threads I configure (around 20 to 30...).
>
> The question is: why goes SSL Handshake wrong and connection is not
> getting terminated?
> And why don't I see this behaviour without squid?
>
> Here is an excerpt from domino release notes that might go into this
> direction:
>
> SSL Session Resumption
> SSL now performs session resumption. This will greatly improve
> performance when the Notes HTTP Client or server is
> using SSL, and may have a minor (positive) effect on other "Internet"
> protocols as well.
Is it a standard thing or Domino's own hack?
> The default number of resumable sessions that will be cached on the
> server is 50. To modify the number of sessions
> cached, set the SSL_RESUMABLE_SESSIONS notes.ini variable to the desired
> number. Setting
> SSL_RESUMABLE_SESSIONS=1 will disable SSL session resumption on the server.
Did you try to disable this SSL resumables?
Also, tcpdump might help other on the list know what exactly is going on.
-- vdaReceived on Fri Feb 06 2004 - 03:12:26 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 01 2004 - 12:00:02 MST