Home ยป Forum ยป Bug Report and Feature Requests

Forum: Bug Report and Feature Requests

slow SOL handshake

ian181 ๐Ÿšซ

Getting about a 5sec delay for SOL handshake,anybody else?

Grant ๐Ÿšซ
Updated:

@ian181

Getting about a 5sec delay for SOL handshake,anybody else?

It's been an ongoing issue for a couple of weeks now, relating to the HTTPS addresses and only occurs occasionally.

The last hour or so is the first time I've experienced it since it began to occur.

Edit- here we go, previous thread.
https://storiesonline.net/d/s6/t5766/slow-absent-server

Grant ๐Ÿšซ

And now everything's back to normal.

Lazeez Jiddan (Webmaster)

@ian181

Due to the difficulty in configuring the new server software (nginx is a shit show configuration-wise; still trying to get a php script to respond to 404) I keep trying to see if I can find what's causing this issue.

Every day I do a software update on the servers and if there is something new relating to encryption then I try full https again. Today there was such an update and tried full https, let's just say that the new version didn't fix whatever is going on with the servers.

It's amazing that non of the "experts" we consulted so far have not figured it out. It started just like that out of nothing and it's still going on. We even reverted the three software updates that preceded the first instance, and nothing.

Replies:   REP  Gauthier
REP ๐Ÿšซ
Updated:

@Lazeez Jiddan (Webmaster)

SOL suddenly develops a problem not related to any of the changes you made to SOL software.

Logic says that if it is a software problem and you made no software changes, perhaps the site hosting SOL made a change to their software.

Perhaps the host site made a hardware change and the new hardware is not compatible with SOL's software.

Then again, maybe you made a change that affects something and you overlooked the change as a possibility.

Good luck.

Gauthier ๐Ÿšซ
Updated:

@Lazeez Jiddan (Webmaster)

Regarding slow https:

There is one know issue with openSSL library which could give you the symptoms your are experiencing.

If the cpu isn't trusted or has a bug (AMD...) the library may fall back to alternative ways to genereate entropy and entropy generation can be slow and a limiting factor in establishing ssl connection.

However, those problem are well known and documented, your "experts" should have spotted that.

Anyway, it would be a good idea to check your entropy (from where the SSL is established) note that if you are in a VM, the Hypervisor should supply the rng thus bad entropy inside the VM means bad hypervisor or bad VM integration with the hypervisor.

Here is an article about entropy diagnostic:

https://www.cyberciti.biz/open-source/debian-ubuntu-centos-linux-setup-additional-entropy-for-server-using-aveged-rng-tools-utils/

Remark: if your ISP upgraded your hardware to a recent AMD CPU you may be facing a rng cpu bug. A server BIOS update should solve the problem.

Another potential issue could be the SSL library offloading to hardware accelerator.

With a modern CPU, those SSL accelerator are not really needed.

It would be a good idea to benchmark the SSL library on the various encryption algorythms allowed in your server SSL configuration (openssl has an integrated benchmark).

Note that if your issue is entropy, switching to nginx will not improve your server response time!!

nginx is a shit show configuration-wise; still trying to get a php script to respond to 404

Well, it's unusual and absolutely not the same as .htaccess

Here are some good sample:

https://laravel.com/docs/5.8/deployment

https://wordpress.org/support/article/nginx/

both handle the 404

there is also an alternative syntax (=404;)

see:

https://www.digitalocean.com/community/tutorials/how-to-install-laravel-with-an-nginx-web-server-on-ubuntu-14-04

Note that both framework, serve files when found and the rest is passed to /index.php with the request in parameter, the php then decide if the url is valid:

http://storiesonline.net/a/abcd (status 200)

or not

http://storiesonline.net/a/abcde (status 404)

Gauthier ๐Ÿšซ

@Gauthier

More on Entropy...
for https, entropy is consumed during the handshake. If you reuse the connection later, entropy is not used. So keeping the connection open longer is a good idea:

KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 200

http2 will also drastically reduce the handshakes.

Lazeez Jiddan (Webmaster)

@Gauthier

Here is an article about entropy diagnostic:

We measured entropy and it never dropped. Entropy stayed over 3900 at the time when handshake time reached 30 seconds. The lowest I've measured entropy was at a time when the site was performing well and it dropped down to ~3600.

So, not entropy.

nginx is a shit show configuration-wise; still trying to get a php script to respond to 404


Well, it's unusual and absolutely not the same as .htaccess

The .htaccess file was easily translated from apache syntax to nginx. It wasn't a problem.

both handle the 404

there is also an alternative syntax (=404;)

Both syntaxes failed. I may have missed something. But the most frustrating fact was the paucity of documentation available online. Nginx site really pushes you towards Nginx+ and they don't make it easy to solve even the most simple of problems. Trying to get familiar with nginx was not a good experience. SOL's engine (that I created myself) is complex. I designed it to handle multiple sites at the same time and that made some things not straight forward. Even something as simple as apache's alias functionality was nowhere near straight forward on nginx.

Anyway, we're trying something different currently and hopefully that solves the problem.

๐Ÿคž

Replies:   MrWolf_UK
MrWolf_UK ๐Ÿšซ

@Lazeez Jiddan (Webmaster)

Good luck Lazeez, and thanks for all your hard work and effort

Back to Top

 

WARNING! ADULT CONTENT...

Storiesonline is for adult entertainment only. By accessing this site you declare that you are of legal age and that you agree with our Terms of Service and Privacy Policy.


Log In