简体繁体 English

对cURL SSL PUT / POST（php）的延迟响应（NSS与OpenSSL）

[英]Delayed responses for cURL SSL PUTs/POSTs (php) (NSS vs OpenSSL)

原文 2010-06-01 14:05:49 8 4 php/ ssl/ curl/ openssl/ libcurl

I have two Fedora-based apache webservers making the same SSL PUT/POST calls with php/cURL. 我有两个基于Fedora的apache网络服务器，它们使用php / cURL进行相同的SSL PUT / POST调用。 One works fine, but with the other the call succeeds but takes a VERY long time to return a response (~10 min). 一个可以正常工作，但另一个可以成功，但是要花很长的时间才能返回响应（约10分钟）。 (GETs don't seem affected) （GET似乎没有受到影响）

The working server's cURL uses OpenSSL for SSL, while the non-working version uses a later version of cURL that uses NSS for SSL 工作服务器的cURL使用OpenSSL进行SSL，非工作版本使用cURL的更高版本使用NSS进行SSL

I know nothing about SSL implementations or their effect on cURL. 我对SSL实现及其对cURL的影响一无所知。 What would cause such a significant delay in SSL PUT/POST responses? 什么会导致SSL PUT / POST响应如此严重的延迟？

Any suggestions appreciated- Thanks-- 任何建议表示赞赏-谢谢-

4 个解决方案

Have you check your KeepAlive options in httpd.conf, it should be On. 您是否已检查httpd.conf中的KeepAlive选项，该选项应该为On。 Please refer to http://www.debian-administration.org/articles/188 请参考http://www.debian-administration.org/articles/188

我只能猜测，但是某些SSL实现最终会尝试执行不必要的反向DNS查找，而这可能需要很长时间才能超时。

Yes, i would bet on a DNS issue along the lines. 是的，我敢打赌要解决DNS问题。

Try run a trace route from root and get some connection figures. 尝试从根目录运行跟踪路由并获得一些连接图。

Do it on both machines so you can see where there issues is first showing up in the Debug. 在两台计算机上都执行此操作，以便您可以看到在Debug中首先出现问题的地方。

I don't know the answer. 我不知道答案。 DNS recommendations are always good. DNS建议总是好的。 Other ideas include MTU discovery, server not providing intermediate certs so the clients may be trying to download missing intermediaries or an attempt to check the CAs recovation list. 其他想法包括MTU发现，服务器不提供中间证书，因此客户端可能正在尝试下载缺少的中介，或者试图检查CA撤销列表。

Download wireshark and you should be able to get a better idea of the difference in behavior between clients. 下载wireshark，您应该能够更好地了解客户端之间的行为差异。