Re: [openlitespeed-development] OLS 1.3 SSL/SPDY Issues

82 views
Skip to first unread message

George Wang

unread,
May 2, 2014, 10:22:35 AM5/2/14
to openlitespee...@googlegroups.com
Hi Scott,

Thanks for the bug report.


Vhosts that are not included in the SSL listener but that are included in the regular port 80 listener, are still listening on port 443 but actually serve the Listener SSL certificate. I am not sure how to stop this, I just do not need the VHosts webpage to load at all for the SSL listener if it the VHost has not been defined to include an SSL certificate. I host some websites with SSL certs, and some without. There are only two SSL listener vhosts with no wildcard. There is a wildcard on the regular port 80 listener.
You just do not map the vhost without SSL cert to the SSL listener.
However, if you do not have dedicate IP for each SSL site, using SNI to let multiple sites sharing one IP, no matter what, user will get the Listener SSL certificate when accessing port 443.


Continuing, when I access the first website in the SSL listener via HTTPS with Firefox, the page never seems to finish loading. When I access the webpage with Chrome, all is dandy.
We are going to release 1.3.1, hopefully, it will be addressed.


Website 2 is different, it is just a subdomain which has an SSL certificate for a statistics application (piwik stats). Whenever I access the stats subdomain with Firefox, nothing happens. When I access with Chrome, I receive this message: 

Error code: ERR_SPDY_PROTOCOL_ERROR

Digging further, I uncovered this snippet in the chrome internals spdy log:

t=10862 [st=472]  SPDY_SESSION_SEND_RST_STREAM
                  --> description = "Could not parse Spdy Control Frame Header."

          
The full link to the log is here: http://pastebin.com/PZb1z4jZ

          



          
No configuration files were changed when upgrading from 1.2.9 to 1.3. If it is necessary, I can start fresh with a clean install of OLS, but I believe this may be either a configuration error or some other internal bug.

        

      

    

    It is likely 1.3 bugs,
      please wait for 1.3.1, it is coming. 

      

      Best regards,

      George Wang

    
    

      

        

          



          
I can provide more information if necessary!

          



          
Thanks

        

      

      -- 

      You received this message because you are subscribed to the Google
      Groups "OpenLiteSpeed Development" group.

      To unsubscribe from this group and stop receiving emails from it,
      send an email to openlitespeed-deve...@googlegroups.com.

      To post to this group, send email to openlitespee...@googlegroups.com.

      Visit this group at http://groups.google.com/group/openlitespeed-development.

      For more options, visit https://groups.google.com/d/optout.

    

    

  



Reply all
Reply to author
Forward
0 new messages