SSL Strangeness
Curtis Spencer
thorin at gmail.com
Tue Dec 11 23:16:01 MSK 2007
Hi,
On Dec 11, 2007 12:00 AM, Igor Sysoev <is at rambler-co.ru> wrote:
>
> Could you how you run httperf ? I will try to reproduce it in my
> environment.
httperf --server=www.mydomain.com --server-name=www.mydomain.com
--uri=/public/index --ssl --num-conns=10 --num-calls 10
I can run this a few times at a decent speed, but the more I do it it
just degrades until it will take about 10 minutes to finish. Even on
just an index page. I ran it using httperf-0.8 compiled Sep 8 2006
without DEBUG without TIME_SYSCALLS.
Let me know if you need me to try some more examples with it.
>
> > 2) I still encounter the issue where SSL requests hang indefinitely
> > for some firefox users in my office. I dug a little deeper and I found
> > that people around the internet are having issues with Mozilla Firefox
> > 2.0 and having the Use TLS 1.0 set to checked in the preferences and
> > negotiating SSL connections with secure servers. Everyone in my
> > office who was having the problem was using Mozilla Firefox 2.0, so I
> > had them all disable the TLS 1.0 settings. I am going to watch and
> > see what happens over the next few days.
> >
> > This brings up the issue. Has anyone encountered this TLS issue as
> > well, and is there a server setting I can set on nginx to prevent
> > Firefox from even trying to use TLS 1.0 (if this is even the problem)?
>
OK, so even after disabling TLS on the firefox that has the issue,
there is still the slowdown for the people in the office today. I
will give the server change a try and see what happens. Should I also
set the ssl_prefer_server_ciphers configuration setting as well? Are
there any other browser issues that may be causing this?
> You may only disable TLSv1 at all:
>
> ssl_protocols SSLv2 SSLv3;
>
> The no way to find out a browser before SSL handshake will be done.
> This is the same case as it was with name-based virtual hosts.
What is the downside to this?
Thanks,
Curtis
>
>
> --
>
> Igor Sysoev
> http://sysoev.ru/en/
>
>
More information about the nginx
mailing list