Painlyfully slow SSL connections

O

ozzi4648

Guest
I can't believe how slow it is to connect to port 2083 and 2087. And then whats up with the connection to Neromail more security popup boxes once a user visits webmail from his CP? This is not right. My users will soon leave when they see how slow their connections to a secure site is. We have no placed anyone on this box as yet but i am far from impressed. Terrible, just terrible! I cant believe that Cpanel Admin are actually putting up with this.
 
O

ozzi4648

Guest
[quote:f973e21340][i:f973e21340]Originally posted by Juanra[/i:f973e21340]

I just filed a bug, this is the URL in case you want to comment on it:
http://web.cpanel.net/bugzilla/show_bug.cgi?id=900
[/quote:f973e21340]

Im glad we are not the only ones. Want to see a fast connection to a control panel using SSL? Click here http://srv05.primenet.cc and you will see what i consider fast for a ssl connection. Its our Ensim #5 server. This is totally unacceptable and we would never torture our clients with this kind of performance, on Cpanel. Let me though, arent the connections thru stunnel? Wouldnt that be considered a secure connection on 2082?
 
B

bdraco

Guest
This is probably due to reverse dns, or a improper resolv.conf on your server. You should contact support for help with setting up your server properly.
 
O

ozzi4648

Guest
[quote:c7509fcdc3][i:c7509fcdc3]Originally posted by bdraco[/i:c7509fcdc3]

This is probably due to reverse dns, or a improper resolv.conf on your server. You should contact support for help with setting up your server properly.[/quote:c7509fcdc3]

Rubbish, absolute rubbish. Its got nothing to do with reverse DNS and our resolv.conf is correct, unless its incorrect on our other 22 servers i cant see whats so special with this one Cpanel server. Basically all resolv.conf's are the same with minor adjustments.
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
SSL/https connections on Horde, Neomail, WHM, Cpanel are now incredibly fast (ie. flying). Can't see any difference between non-SSL and SSL connections.

Does anyone know anything about the windows gui for this new version?
 
O

ozzi4648

Guest
Yes, its much faster now on port 2083 but i still dont understand why i am getting &This page contains both secure and non secure items, do you want to display the non secure items& when going into Neromail! Then when i click on horde and i say YES to this annoying message again, i get a page not found.
 

jsteel

Well-Known Member
Jul 4, 2002
646
0
166
Atlanta, GA
[quote:aa5287c04f][i:aa5287c04f]Originally posted by Iain Shortreed[/i:aa5287c04f]

shouldnt ssl setup correctly run just as fast as standard connection?[/quote:aa5287c04f]

No. SSL will always be slower than non-SSL. The overhead created by encrypting and then decrypting the data will always take longer than just non-encrypted data being sent.

Jaz
 
O

ozzi4648

Guest
Negative, i have 208 i didnt even know about 219 till just now.
 

cass

Well-Known Member
Jul 17, 2002
354
0
166
Argentina/USA/Mexico
The &non secure item& problem could be cause this :
...
...
to be much more stable. Also you can now select if you wish to build curl
with or without ssl support (ssl in curl has been know to cause problems
on redhat 6.2 platforms). &b&A quick way to upgrade is to run
/scripts/easyapache in a root ssh session.&/b& &br& Severity: &img
src=&http://web.cpanel.net/whmnews/images/1.gif&&
....
...

in the NEWS ... you can see there's one NON cached .gif, so, you will need to download this one from that non secure site :)

NICK... can you please fix this? :) tnx!

Regards.
 

jode

Registered
Jul 24, 2002
3
0
151
I have still problem with slow SSL connections. Server's build is R236 and resolv.conf shouldn't be problem. Have you guys any suggestions for me?

/var/log/messages doesn't look completely normal:

Oct 14 16:18:52 xxx stunnel[17747]: Connection closed: 18307 bytes sent to SSL, 413 bytes sent to socket
Oct 14 16:18:57 xxx stunnel[17784]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Oct 14 16:18:57 xxx stunnel[17784]: Connection reset: 148 bytes sent to SSL, 450 bytes sent to socket
Oct 14 16:18:57 xxx stunnel[17787]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Oct 14 16:18:57 xxx stunnel[17787]: Connection reset: 148 bytes sent to SSL, 445 bytes sent to socket
Oct 14 16:18:57 xxx stunnel[17790]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Oct 14 16:18:57 xxx stunnel[17790]: Connection reset: 148 bytes sent to SSL, 449 bytes sent to socket

All those problems came out when I updated to R236 and stunnel 4.