I run a debian squeeze standard Apache installation (2.2) and make use of SSLClientCertificates to authorize users. This works fine so far.
But we noticed a slow down of some parallel requests and tried to check if my SSLSessionCache
is working.
So I checked my localhost/server-status and it reads like this:
SSL/TLS Session Cache Status:
cache type: SHMCB, shared memory: 512000 bytes, current sessions: 0
subcaches: 32, indexes per subcache: 133
index usage: 0%, cache usage: 0%
total sessions stored since starting: 0
total sessions expired since starting: 0
total (pre-expiry) sessions scrolled out of the cache: 0
total retrieves since starting: 0 hit, 0 miss
total removes since starting: 0 hit, 0 miss
Seems to be running but whatever SSL request I make, all counters stay at 0, so no sessions are cached.
I tried to set KeepAlive Off
, to let every request establish a new SSL connection, but still I see no numbers counting up in my SSLSessionCache
Status.
This is my SSLSessionCache Configuration from standard debian mods-enabled/ssl.conf
:
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
in my ${APACHE_RUN_DIR}
I see no files at all, no ssl_mutex and no ssl_cache file. When I switch my SSLSessionCache
to
SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
I can see a file in this directory, but all status numbers are still zero.
I tried to set LogLevel to debug. The only messages I get about the ssl cache are:
$ grep cache /var/log/apache2/error.log
ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
ssl_scache_shmcb.c(308): subcache_num = 32
ssl_scache_shmcb.c(310): subcache_size = 15992
ssl_scache_shmcb.c(312): subcache_data_offset = 3208
ssl_scache_shmcb.c(314): subcache_data_size = 12784
ssl_scache_shmcb.c(316): index_num = 133
Shared memory session cache initialised
ssl_scache_shmcb.c(452): [client xyz] inside shmcb_status
ssl_scache_shmcb.c(512): [client xyz] leaving shmcb_status
(removed date an loglevel for readability, replaced IP for privacy)
So here are my questions:
- Is it correct to have no files for mutex and sessionCache in the given directory?
- If yes, how to prove my SessionCache is working?
I'm not familiar with Debian Squeeze, but here are somethings to try:
Try connecting using openssl with the
reconnect
flag which use the same session 5 times:and see what you get. Look for
Session-ID
& "Reused."Other things to rule out:
${APACHE_RUN_DIR}
with the actual path and see if that helps ... ?ssl_*
files you note above by the user running apache.Mounting tmpfs on /dev/shm and replacing ${APACHE_RUN_DIR} with /dev/shm/apache in fixed it for me:
I'm facing a similar problem.
For me when running the given command. I've got an "unexpected message" error when it tries to reconnect.
But when running on the server this command work correctly, the session are reused.
At the time , i have no solution for this