Painlyfully slow SSL connections

[ozzi4648]

I can't believe how slow it is to connect to port 2083 and 2087. And then whats up with the connection to Neromail more security popup boxes once a user visits webmail from his CP? This is not right. My users will soon leave when they see how slow their connections to a secure site is. We have no placed anyone on this box as yet but i am far from impressed. Terrible, just terrible! I cant believe that Cpanel Admin are actually putting up with this.

 

[Juanra]

I just filed a bug, this is the URL in case you want to comment on it:
http://web.cpanel.net/bugzilla/show_bug.cgi?id=900

 

[ozzi4648]

[quote:f973e21340][i:f973e21340]Originally posted by Juanra[/i:f973e21340]

I just filed a bug, this is the URL in case you want to comment on it:
http://web.cpanel.net/bugzilla/show_bug.cgi?id=900
[/quote:f973e21340]

Im glad we are not the only ones. Want to see a fast connection to a control panel using SSL? Click here http://srv05.primenet.cc and you will see what i consider fast for a ssl connection. Its our Ensim #5 server. This is totally unacceptable and we would never torture our clients with this kind of performance, on Cpanel. Let me though, arent the connections thru stunnel? Wouldnt that be considered a secure connection on 2082?

 

[bdraco]

This is probably due to reverse dns, or a improper resolv.conf on your server. You should contact support for help with setting up your server properly.

 

[ozzi4648]

[quote:c7509fcdc3][i:c7509fcdc3]Originally posted by bdraco[/i:c7509fcdc3]

This is probably due to reverse dns, or a improper resolv.conf on your server. You should contact support for help with setting up your server properly.[/quote:c7509fcdc3]

Rubbish, absolute rubbish. Its got nothing to do with reverse DNS and our resolv.conf is correct, unless its incorrect on our other 22 servers i cant see whats so special with this one Cpanel server. Basically all resolv.conf's are the same with minor adjustments.

 

[Juanra]

This has been fixed for us after upgrading to Stunnel v4 (CPanel build 201).

 

[Iain Shortreed]

shouldnt ssl setup correctly run just as fast as standard connection?

 

[moronhead]

SSL/https connections on Horde, Neomail, WHM, Cpanel are now incredibly fast (ie. flying). Can't see any difference between non-SSL and SSL connections.

Does anyone know anything about the windows gui for this new version?

 

[ozzi4648]

Yes, its much faster now on port 2083 but i still dont understand why i am getting &This page contains both secure and non secure items, do you want to display the non secure items& when going into Neromail! Then when i click on horde and i say YES to this annoying message again, i get a page not found.

 

[jsteel]

[quote:aa5287c04f][i:aa5287c04f]Originally posted by Iain Shortreed[/i:aa5287c04f]

shouldnt ssl setup correctly run just as fast as standard connection?[/quote:aa5287c04f]

No. SSL will always be slower than non-SSL. The overhead created by encrypting and then decrypting the data will always take longer than just non-encrypted data being sent.

Jaz

 

[moronhead]

Have you tried the new speedy Stunnel 4 yet? Build R219!

 

[ozzi4648]

Negative, i have 208 i didnt even know about 219 till just now.

 

[cass]

The &non secure item& problem could be cause this :
...
...
to be much more stable. Also you can now select if you wish to build curl
with or without ssl support (ssl in curl has been know to cause problems
on redhat 6.2 platforms). &b&A quick way to upgrade is to run
/scripts/easyapache in a root ssh session.&/b& &br& Severity: &img
src=&http://web.cpanel.net/whmnews/images/1.gif&&
....
...

in the NEWS ... you can see there's one NON cached .gif, so, you will need to download this one from that non secure site

NICK... can you please fix this? tnx!

Regards.

 

[jode]

I have still problem with slow SSL connections. Server's build is R236 and resolv.conf shouldn't be problem. Have you guys any suggestions for me?

/var/log/messages doesn't look completely normal:

Oct 14 16:18:52 xxx stunnel[17747]: Connection closed: 18307 bytes sent to SSL, 413 bytes sent to socket
Oct 14 16:18:57 xxx stunnel[17784]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Oct 14 16:18:57 xxx stunnel[17784]: Connection reset: 148 bytes sent to SSL, 450 bytes sent to socket
Oct 14 16:18:57 xxx stunnel[17787]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Oct 14 16:18:57 xxx stunnel[17787]: Connection reset: 148 bytes sent to SSL, 445 bytes sent to socket
Oct 14 16:18:57 xxx stunnel[17790]: SSL_read (SSL_ERROR_SYSCALL): Connection reset by peer (104)
Oct 14 16:18:57 xxx stunnel[17790]: Connection reset: 148 bytes sent to SSL, 449 bytes sent to socket

All those problems came out when I updated to R236 and stunnel 4.

 

[thomas]

Slow here as well, with the same build, and same errors.

 

[dandanfireman]

It appears to have been resolved with the latest update, 241