views:

247

answers:

2

A have a Perl cron job that recently started having its HTTPS connections start failing with an error of "500 SSL read timeout". I've tracked that the error is being thrown as part of an alarm in Crypt::SSLeay, but I don't know if this is simply something taking too long to respond.

So far, I've adjusted the timeout from the default 30 seconds to 10 minutes and it still times out. I've moved the script to other machines, and those on Intel Mac OS X systems all time out, while those under Linux, or on PPC Mac OS X systems run fine, so I don't think it's changes on the network or remote server.

When the process started having problems does not coincide with any software updates or reboots on the machine, and I've contacted the server I'm connecting to, and everyone claims that they haven't changed anything.

Does anyone have recommendations on trying to debug HTTPS, or have you ever seen this behavior and give recommendations on something I might've overlooked at that could've caused this problem?

A: 

I have the same problem. Wish I had an answer.

anonymous
+2  A: 

The problem seems to be specific to OS X and related directly to OpenSSL, so not unique to perl. It possibly has to do with one of the latest security updates from Apple (2010-001).

I'm having the same issue with:

  • python httplib (uploads over ~64k produce 'The read operation timed out' error). Smaller uploads over SSL work. Uploads of all sizes over HTTP work.

  • curl over HTTPS. curl times out. Same curl command from Linux works fine with both HTTP and HTTPS. curl on OS X over HTTP also works fine.

I found a few places online that cover similar issues across different programming languages / software. I can only post one... https://blog.torproject.org/blog/apple-broke-openssl-which-breaks-tor-os-x

Strange ... I hadn't thought it coincided w/ an update, but upon further checking, it seems I didn't ask all of the sysadmins -- and in checking /Library/Receipts/InstallHistory.plist, I see "Security Update 2010-001" was installed 15 min before the problem showed up. (and I'm guessing, didn't require a reboot)
Joe
I just did a quick check on Tiger (which was offline for a while, so certainly didn't have the update) and it all worked well.Oddly though, I would have expected a different version of OpenSSL, but both Tiger and Leopard are showing the same version 0.9.7l...
another note and a potential workaround/solution - the timeout seems to take place when uploading/sending small chunk sizes. Increasing the buffer/chunk size (to about 8192 bytes) for each send seemed to allow an upload to go through. Only tested on python, so can't comment on perl, but might be worth a try.