On Thursday 05 February 2004 10:18, Rainer Traut wrote: > We are using squid 2.5 S4 and also tried v3, OS is Redhat EL ES3, > clients are always IE6 and IE5.5. > Squid is the gateway to a small transfer net to firewall and then to DMZ > and internet. > Firewall has changed from Checkpoint FW1 to an iptables firewall, but no > change in behaviour. > > I can login to Domino server fine but after some views and klicking too > fast in our web application IE comes to a standstill, the domino server > is blocked, there is no http or https traffic to the domino server. > Nobody can work anymore! > > Exactly if I close my IE all works normal, http and https runs fine. > This happens *only* if I use squid, when I go directly this never > happens, all is fine. > > Here is my observation: > > There are many tcp connections from my client to squid in state > 'connected' (around 20 to 30) > and there are many connections from squid to domino server in state > 'connected' (again around 20 to 30) > > Output of the domino http task: > 05.02.2004 08:45:14 Http Worker Thread ID [44012]: Working session > [4014]: Session State [SSL Handshake] : > 05.02.2004 08:45:14 Http Worker Thread ID [48013]: Working session > [3fed]: Session State [SSL Handshake] : > 05.02.2004 08:45:14 Http Worker Thread ID [4c014]: Working session > [3fee]: Session State [SSL Handshake] : > 05.02.2004 08:45:14 Http Worker Thread ID [50015]: Working session > [3fef]: Session State [SSL Handshake] : > 05.02.2004 08:45:14 Http Worker Thread ID [54016]: Working session > ... cut here > as many http worker threads I configure (around 20 to 30...). > > The question is: why goes SSL Handshake wrong and connection is not > getting terminated? > And why don't I see this behaviour without squid? > > Here is an excerpt from domino release notes that might go into this > direction: > > SSL Session Resumption > SSL now performs session resumption. This will greatly improve > performance when the Notes HTTP Client or server is > using SSL, and may have a minor (positive) effect on other "Internet" > protocols as well.
Is it a standard thing or Domino's own hack? > The default number of resumable sessions that will be cached on the > server is 50. To modify the number of sessions > cached, set the SSL_RESUMABLE_SESSIONS notes.ini variable to the desired > number. Setting > SSL_RESUMABLE_SESSIONS=1 will disable SSL session resumption on the server. Did you try to disable this SSL resumables? Also, tcpdump might help other on the list know what exactly is going on. -- vda
