SSL Strangeness

Curtis Spencer thorin at gmail.com
Tue Dec 11 23:16:01 MSK 2007


Hi,

On Dec 11, 2007 12:00 AM, Igor Sysoev <is at rambler-co.ru> wrote:
>
> Could you show how you run httperf? I will try to reproduce it in my
> environment.

httperf --server=www.mydomain.com --server-name=www.mydomain.com
--uri=/public/index --ssl --num-conns=10 --num-calls 10

I can run this a few times at a decent speed, but the more I do it, it
just degrades until it will take about 10 minutes to finish.  Even on
just an index page.  I ran it using httperf-0.8 compiled Sep 8 2006
without DEBUG without TIME_SYSCALLS.

Let me know if you need me to try some more examples with it.

>
> > 2)  I still encounter the issue where SSL requests hang indefinitely
> > for some Firefox users in my office. I dug a little deeper and I found
> > that people around the internet are having issues with Mozilla Firefox
> > 2.0 and having the Use TLS 1.0 set to checked in the preferences and
> > negotiating SSL connections with secure servers.  Everyone in my
> > office who was having the problem was using Mozilla Firefox 2.0, so I
> > had them all disable the TLS 1.0 settings.  I am going to watch and
> > see what happens over the next few days.
> >
> > This brings up the issue.  Has anyone encountered this TLS issue as
> > well, and is there a server setting I can set on nginx to prevent
> > Firefox from even trying to use TLS 1.0 (if this is even the problem)?
>

OK, so even after disabling TLS on the Firefox that has the issue,
there is still the slowdown for the people in the office today.  I
will give the server change a try and see what happens.  Should I also
set the ssl_prefer_server_ciphers configuration setting as well?  Are
there any other browser issues that may be causing this?

> You may only disable TLSv1 at all:
>
> ssl_protocols SSLv2 SSLv3;
>
> There is no way to find out a browser before SSL handshake will be done.
> This is the same case as it was with name-based virtual hosts.

What is the downside to this?

Thanks,
Curtis
>
>
> --
>
> Igor Sysoev
> http://sysoev.ru/en/
>
>
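
Added example, not part of the original message or of nginx itself: a small audit that finds active ssl_protocols directives in an nginx configuration and reports which listed protocols are now deprecated (SSLv2 by RFC 6176, SSLv3 by RFC 7568, TLS 1.0 and 1.1 by RFC 8996). The sample configuration is constructed, the function name audit is hypothetical, and the parser assumes no '#' appears inside quoted strings.

```python
import re

# Tokens nginx accepts for ssl_protocols, grouped by current standing.
# SSLv2: RFC 6176, SSLv3: RFC 7568, TLSv1/TLSv1.1: RFC 8996 (all deprecated).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
CURRENT = {"TLSv1.2", "TLSv1.3"}

# \b keeps proxy_ssl_protocols and similar directives from matching.
DIRECTIVE = re.compile(r"\bssl_protocols\s+([^;]*);")

# Constructed sample, not a configuration from the thread; the first
# server block uses the directive value quoted in the message above.
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    # ssl_protocols TLSv1;
    ssl_protocols SSLv2 SSLv3;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2
                  TLSv1.3;
}
"""


def audit(conf_text):
    """Return one finding per active ssl_protocols directive."""
    # Drop comments but keep newlines so line numbers stay correct.
    # Assumption: no '#' inside quoted strings in the audited file.
    active = re.sub(r"#[^\n]*", "", conf_text)
    findings = []
    for m in DIRECTIVE.finditer(active):
        protocols = m.group(1).split()
        findings.append({
            "line": active.count("\n", 0, m.start()) + 1,
            "protocols": protocols,
            "deprecated": [p for p in protocols if p in DEPRECATED],
            "unknown": [p for p in protocols if p not in DEPRECATED | CURRENT],
            "no_current": not any(p in CURRENT for p in protocols),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        status = "FAIL" if f["deprecated"] or f["no_current"] else "ok"
        print(f"line {f['line']}: {status} {' '.join(f['protocols'])}")
```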





More information about the nginx mailing list