Re: [lvs-users] SSL forwarding problem.

To: " users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] SSL forwarding problem.
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Thu, 27 Mar 2008 17:11:23 +0000

On Thu, 2008-03-27 at 09:59 -0700, Chuck Cochems wrote:
> Bah, seems I was getting bit by firewall rules set by someone else.
> Problem solved.

Ah, good :)

> Since the same apache daemon handles both, if one is up, so is the
> other. Therefore, it's silly to actually check the SSL.

No it isn't. It's entirely possible that Apache could start up and
happily serve pages via HTTP on port 80 but be unable to do so via HTTPS
on port 443 because of, for example, an entropy problem. Don't forget
that HTTPS is relying on the underlying OpenSSL libraries; if they have
a problem (due to a system upgrade for example) then HTTPS could be
harpooned completely.

You may consider this unlikely, but there's a known interaction between
a number of apps and SSL libraries which simply causes them to stall for
lack of entropy - I haven't seen this with Apache and OpenSSL, but
that's not to say it couldn't happen.
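
The point made in the reply above, as an added example (not part of the original email, and not LVS or ldirectord code): a connect-only check passes against a port that accepts TCP but never completes a TLS handshake, while a handshake check with a timeout reports the stall. The function names, the result strings and the local stand-in listener are assumptions made for illustration.

```python
import socket
import ssl

def tcp_check(host, port, timeout=2.0):
    """Connect-only check: True if the port accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_check(host, port, timeout=2.0):
    """Handshake check: returns 'ok', 'no_tcp', 'stalled' or 'tls_error'."""
    ctx = ssl.create_default_context()
    # Assumption: real servers are probed by IP address, so certificate
    # validation is left to a separate monitor; this check only proves that
    # a TLS handshake completes within the timeout.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "no_tcp"
    try:
        with ctx.wrap_socket(sock):      # the handshake happens here
            return "ok"
    except socket.timeout:               # peer accepted TCP but never answered
        return "stalled"
    except (ssl.SSLError, OSError):      # peer answered with something broken
        return "tls_error"
    finally:
        sock.close()

def start_stalled_listener():
    """Constructed stand-in for a stalled HTTPS port: the kernel completes the
    TCP handshake from the listen backlog, but nothing ever replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_stalled_listener()
    print("tcp_check:", tcp_check("127.0.0.1", port, 1.0))
    print("tls_check:", tls_check("127.0.0.1", port, 1.0))
    srv.close()
```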

