SSL Re-negotiation handshake failed - slow page loads

apache-2.2 ssl

I have a redhat 6 server running coldfusion on apache. I require SSL to access the site and smart card authentication. That works fine, it logs in based on the smart card, and denies access without one. My problem is that the site takes about a minute per page to load, but it does load eventually. Looking at the logs when on level 'warn' it just tells me that the re-negotiation handshake failed: not accepted by client. More detailed on 'info' i get the following:

[Thu Sep 01 10:50:29 2011] [info] Configuring server for SSL protocol
1891 [Thu Sep 01 10:50:44 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1892 [Thu Sep 01 10:50:44 2011] [info] Seeding PRNG with 144 bytes of entropy
1893 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1894 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1895 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1896 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1897 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1898 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1899 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1900 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1901 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1902 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1903 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1904 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1905 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1906 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1907 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1908 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1909 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1910 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1911 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1912 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1913 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1914 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1915 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1916 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1917 [Thu Sep 01 10:50:45 2011] [info] Initial (No.1) HTTPS request received for child 0 (server my-server.com:443)
1918 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Requesting connection re-negotiation
1919 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Awaiting re-negotiation handshake
1920 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 1 established (server my-server.com:443)
1921 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1922 [Thu Sep 01 10:50:45 2011] [error] [client x.x.x.x] Re-negotiation handshake failed: Not accepted by client!?
1923 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1924 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1925 [Thu Sep 01 10:50:45 2011] [info] Initial (No.1) HTTPS request received for child 1 (server my-server.com:443)
1926 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Requesting connection re-negotiation
1927 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Awaiting re-negotiation handshake
1928 [Thu Sep 01 10:50:45 2011] [error] [client x.x.x.x] Re-negotiation handshake failed: Not accepted by client!?
1929 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Connection to child 1 established (server my-server.com:443)
1930 [Thu Sep 01 10:50:45 2011] [info] Seeding PRNG with 144 bytes of entropy
1931 [Thu Sep 01 10:50:45 2011] [info] Initial (No.1) HTTPS request received for child 0 (server my-server.com:443)
1932 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Requesting connection re-negotiation
1933 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Awaiting re-negotiation handshake
1934 [Thu Sep 01 10:50:45 2011] [error] [client x.x.x.x] Re-negotiation handshake failed: Not accepted by client!?
1935 [Thu Sep 01 10:50:45 2011] [info] Initial (No.1) HTTPS request received for child 1 (server my-server.com:443)
1936 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Requesting connection re-negotiation
1937 [Thu Sep 01 10:50:45 2011] [info] [client x.x.x.x] Awaiting re-negotiation handshake
1938 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection closed to child 1 with standard shutdown (server my-server.com:443)
1939 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection to child 0 established (server my-server.com:443)
1940 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection to child 2 established (server my-server.com:443)
1941 [Thu Sep 01 10:50:47 2011] [info] Seeding PRNG with 144 bytes of entropy
1942 [Thu Sep 01 10:50:47 2011] [info] Seeding PRNG with 144 bytes of entropy
1943 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection to child 3 established (server my-server.com:443)
1944 [Thu Sep 01 10:50:47 2011] [info] Seeding PRNG with 144 bytes of entropy
1945 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection to child 4 established (server my-server.com:443)
1946 [Thu Sep 01 10:50:47 2011] [info] Seeding PRNG with 144 bytes of entropy
1947 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection to child 6 established (server my-server.com:443)
1948 [Thu Sep 01 10:50:47 2011] [info] Seeding PRNG with 144 bytes of entropy
1949 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection to child 5 established (server my-server.com:443)
1950 [Thu Sep 01 10:50:47 2011] [info] Seeding PRNG with 144 bytes of entropy
1951 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1952 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection closed to child 0 with abortive shutdown (server my-server.com:443)
1953 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1954 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection closed to child 2 with abortive shutdown (server my-server.com:443)
1955 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1956 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection closed to child 4 with abortive shutdown (server my-server.com:443)
1957 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
1958 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] Connection closed to child 6 with abortive shutdown (server my-server.com:443)
1959 [Thu Sep 01 10:50:47 2011] [info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]

I am having the same kind of problem.

When i put my 

 SSLVerifyClient require
 SSLVerifyDepth 1

inside a <Directory> directive it is slow and i get Re-negotiation messages in the error log.

If i move these directives to top-level (under ) everything works like a charm.

Related

Setting up Multicast NLB Cluster with HP 6120XG Switch
CentOS 5.6 Update Version Of Tar
Collecting FusionIO inventory
In mysql I want to set lower_case_table_names=1 on existing databases to avoid cases-sensitivity issues accross multiple platforms
Upgraded users to Win7. Now getting "path not found" when saving files or opening attachments
OpenVPN server cannot ping client IPs
Are SSL Client Certificates well supported by all major browsers?
Powershell 2: How to strip a specific character from a body of ASCII text
Powershell 2 and Exchange: Find conflicting objects
Remote Desktop Connection Denied because the user account is not authorized for remote login
ERROR 2013 when connecting to mysql via HAProxy
sendmail - DSN: Name Server host not found