
Bug#113067: 'bad record mac' + SessionCache + libmm



FREENODE#debian-apache discussion regarding the issue of --with-mm:

09:36 < luca> ping
09:36 < Mithrandir> pong
09:36 < luca> can you read 212410, 196004 and 87289 and give me your opinion?
09:37 < luca> essentially:
09:37 < luca> latest libapache-mod-ssl has some problems with SSL session cache
09:37 < luca> which causes clients to get 404 or 'invalid message authentication 
              code'
09:38 < luca> setting SSLSessionCache none fixes it at significant performance 
              loss
09:38 < luca> apparently, according to 196004, this is because the dbm 
              mechanism isn't reliable
09:38 < luca> an alternate, shm mechanism could be enabled but there are issues 
              with it as described in 87289
09:39 < luca> these could be overcome, but require coordination of apache, 
              libapache-mod-ssl, etc.
09:42 < Mithrandir> sounds like some kind of locking issue with dbm..
09:45 < luca> perhaps
09:46 < luca> the 'no such file or directory' makes me think that the dbm file 
              is periodically cleaned (removed)
09:46 < luca> perhaps the SSLSessionCacheTimeout code is fubar
09:46 < luca> what i don't understand is why this appears to be a Debian-only 
              problem
09:46 < luca> googling for 'bad record mac' reveals very little
09:47 < luca> googling for 'received an invalid message authentication code' 
              same
09:48 < luca> http://article.gmane.org/gmane.comp.apache.mod-ssl.user/2976
09:48 < luca> I've seen similar problems a long time ago - I would recommend
09:48 < luca> installing the MM library and using an shm based session cache.
09:49 < Mithrandir> hmm
09:50 < luca> i sent an email to the above bug reports
09:51 < luca> i would encourage you folks to enable --with-mm by evaluating the 
              patches at http://pflanze.mine.nu/~chris/debian/apache/
09:51 < luca> i suspect that this may be a debian-only issue because other 
              vendors ship with mm support and have their default httpd.conf 
              using shm based session cache
09:52 < Mithrandir> maybe so, but then you have the problem if you start it as 
                    non-root
09:52 < Mithrandir> (though, who does that?)
09:52 < Mithrandir> I'd recommend asking thom, he should know
09:54 < luca> those patches at http://pflanze.mine.nu/~chris/debian/apache 
              apparently address this
09:55 < Mithrandir> it's worth a try.
09:55 < Mithrandir> care to mail this information to one of the bugs?
09:55 < luca> this irc log?
09:55 < luca> sure
09:55 < luca> well, i'll email it to all the bugs :)

-- 
Luca Filipozzi
"Linux gives us the power to crush those that oppose us." - switchlinux
gpgkey 5A827A2D - A149 97BD 188C 7F29 779E  09C1 3573 32C4 5A82 7A2D


