RE: [iaik-ssl] SSLServer still there but do nothing
On Tue, 7 Aug 2001, Changski Zhang wrote:
> Hi Polar,
> Thank you for your reply.
> Below are the env:
> JDK: J2SE 1.3.0_2
> JRE: JRE1.3(which comes with the JDK)
> OS: Windows2000 Server
> After our server was locked, I tried to start a java.net.ServerSocket to
> bind the same port which iaik.security.sslSSLServerSocket had bound,
> and the new java.net.ServerSocket could not start and bind the port, that
> means the port was still bound by iaik.security.sslSSLServerSocket and
> SSLServerSocket was still listening to that port;
> 2. Tried to connect to the port by Telnet and got connection refused, that
> means SSLServerSocket is still there but did nothing.
That means that the Socket underneath is still there, but its "backlog" is
full. So, what has happened is that the "Acceptor::Accept" is most likely
not picking up the connections off the server socket. There is something
How many threads do you have running?
I don't know about windows, but on unix machines, you can do a Control-\
and get a dump of the thread stack. Find out where everything is waiting
> I don't have the source of iaik.security.sslSSLServerSocket , so I don't
> understand what happened at that time?
> What's more, this problem comes out randomly after server running several
I doubt if it is with the IAIK socket. Most likely there might be
something in your application (a memory leak or something) stuffing it up.
The only other thing I can think of is that you're using Windows.
> I really wanna know in which case iaik.security.sslSSLServerSocket can be
Well it's not murdered. But as you can see, you can probably land it a
good denial of service attack by connecting to it very often.
> Thanks in advance,
> -----Original Message-----
> From: Polar Humenn [mailto:email@example.com]
> Sent: Tuesday, August 07, 2001 4:25 PM
> To: Changski Zhang
> Cc: 'firstname.lastname@example.org'
> Subject: Re: [iaik-ssl] SSLServer still there but do nothing
> On Tue, 7 Aug 2001, Changski Zhang wrote:
> > Hi, support,
> > OS: WindowsNT 4.0
> > Env: Orbacus4.0.5 with BiDirection +FreeSSL2.0.1+IAIK-JCE2.61c+
> > Thread models: threaded + thread_per_request.
> > Problem:
> > After our server has run for about 2 to 4 hours, it refuses to
> > accept any new connection requests from the client side as if the SSL
> > is dead, we're saying this because we used to see ORBacus and FreeSSL
> > messages until that moment, and FSSL debug message stopped here:
> > ssl_debug(n): Starting handshake (iSaSiLk 3.03)...
> > ssl_debug(n): Sending v3 client_hello message, requesting version 3.1...
> > It seems that the SSLServerSocket who is doing the "accept" job is locked.
> > We estimate 20 clients are connected to the server when the failures are
> > happening.
> > Ever heard about such a problem?
> > Question:
> > 1. Does FreeSSL2.0.1 support ORBacus4.0.5?
> That I don't know. Have you tried Adiron's ORBAsec SL3? It has SSL and
> gives you a proper credentials model. And you can "quote" others, which
> gives you a delegation capability. (We only have Java, but I'm assuming
> that you're using Java if you're mailing to IAIK.)
> > 2. Is it possible that too many threads are alive and a leak is
> > happening so that the SSL layer won't accept any connections?
> This very well might be the case. In fact, anything of this nature is
> possible with NT. Have you tried your servers on another platform, such as
> Linux, or Solaris? What version of the JDK are you using? Or are you using
> some special JVM?
> Polar Humenn Adiron, LLC
> mailto:email@example.com 2-212 CST
> Phone: 315-443-3171 Syracuse, NY 13244-4100
> Fax: 315-443-4745 http://www.adiron.com
Polar Humenn Adiron, LLC
mailto:firstname.lastname@example.org 2-212 CST
Phone: 315-443-3171 Syracuse, NY 13244-4100
Fax: 315-443-4745 http://www.adiron.com
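
Added example, not part of the thread and not IAIK, FreeSSL or ORBacus code: a plain java.net.ServerSocket accept loop that keeps draining the backlog discussed above by handing each accepted connection to a bounded worker pool and putting a read timeout on the per-connection step. The blocking read is a stand-in for the SSL handshake; the class name, pool sizes, timeout and the two test clients are assumptions constructed for the illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

public class AcceptLoopDemo {
    static final int HANDSHAKE_TIMEOUT_MS = 2000; // constructed value

    public static void main(String[] args) throws Exception {
        // Bounded pool: at most 4 handshakes in flight, 16 queued, the rest are dropped.
        ThreadPoolExecutor workers = new ThreadPoolExecutor(4, 4, 0L, TimeUnit.SECONDS,
                new ArrayBlockingQueue<Runnable>(16));
        try (ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress())) {
            // Constructed test traffic: one client that connects and never speaks,
            // then one that sends a byte right away. Both wait in the backlog.
            Socket silent = new Socket(server.getInetAddress(), server.getLocalPort());
            Socket talker = new Socket(server.getInetAddress(), server.getLocalPort());
            talker.getOutputStream().write(1);

            for (int i = 0; i < 2; i++) {            // a real server loops forever
                final Socket s = server.accept();    // the acceptor thread only accepts
                try {
                    workers.execute(() -> handshake(s));
                } catch (RejectedExecutionException full) {
                    s.close();                       // shed load instead of blocking accept
                }
            }
            workers.shutdown();
            workers.awaitTermination(10, TimeUnit.SECONDS);
            silent.close();
            talker.close();
        }
    }

    // Stand-in for the SSL handshake: a blocking read of the first byte.
    static void handshake(Socket s) {
        try (Socket c = s) {
            c.setSoTimeout(HANDSHAKE_TIMEOUT_MS);    // without this a silent peer pins the thread
            int b = c.getInputStream().read();
            System.out.println(c.getRemoteSocketAddress() + " first byte: " + b);
        } catch (IOException e) {                    // SocketTimeoutException lands here
            System.out.println("dropped stalled peer: " + e.getMessage());
        }
    }
}
```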