On Mon, 7 Oct 2002, Boyle Owen wrote: > First off, you might be better posting this on the apache list > (http://httpd.apache.org/userslist.html) since I think this primarily a > server issue (or maybe mod_ssl) - not really openSSL...
Thanks. I'll go there today. > What is happening is that the two requests are arriving simultaneously but > that the response to the 408 request takes 5 minutes to be logged. > > This all means that the second request (leading to the 408) must be > requesting a real CGI program on your server. Furthermore, the request is > framed such that it causes the program to get stuck or in a loop or otherwise > take longer than 5 minutes to respond. That all makes a lot of sense... the problem is, the request is logged as a single dash "-" where the filename would be, so it doesn't look like the request is for a legitimate script. > PS the "GET_CLIENT_MASTER_KEY:key arg too long" message looks like the trap > against the buffer-overflow exploit in 0.9.6g. But this is being trapped and > so I think you are safe against it. That in a way is bad news because I'm left without an answer still (hehe)... I'll start looking towards apache instead of openssl next, thanks for the reply. Dan. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
