On 11/01/2025 19:37, Michael Stone wrote:
This is because some servers drop a connection when they're done
rather than closing it gracefully. (This is actually becoming more
common than not due to changes in the way HTTPS is used between
browsers and servers on the modern internet.) You can try filing a bug
against apache2-utils asking that ab add IgnoreUnexpectedEOF to the
SSL options. I don't know
what kind of reception that will get if you can't demonstrate it being
a problem on your own site. It's also possible to modify openssl.cnf
to make this option the default for all connections. To do that,
create the following in $HOME/openssldemo.cnf:
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = ssl_default_sect
[ssl_default_sect]
Options = IgnoreUnexpectedEOF
Then run
env OPENSSL_CONF=$HOME/openssldemo.cnf ab -r -n1 -c1
https://www.google.com/
and it should work fine. It's possible to modify /etc/ssl/openssl.cnf
to make that the system default by adding the ssl_conf directive to
the existing [openssl_init] in that file, then adding everything from
[ssl_sect] down to the bottom. There are various pros and cons to
doing this, which is why it isn't the default already.
Great answer. Unfortunately this does not seem to work in Bookworm but I
can make it work in Trixie. Seems to require OpenSSL 3.2 from a few
issues I found.
Either way, I can live with this, thank you.
