15

I ran some tests on ab and when I use a concurrency level of over 155 I get the following:

SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
SSL handshake failed (5).
Completed 100 requests
Completed 200 requests
Finished 200 requests

The requests still succeed:

Concurrency Level:      200
Time taken for tests:   14.481 seconds  
Complete requests:      200
Failed requests:        0

I have tested it numerous times and the SSL handshake only fails once the concurrency exceeds 155. Can anybody explain to me how they could be directly related?

C_B
  • 253
  • 1
  • 2
  • 6

1 Answers1

13

The SSL handshake can fail when the connection in general fails or is interrupted, as well as due to SSL errors. It can also fail if it times out due to a lack of available entropy.

Chances are you're just hammering the server too hard. There isn't quite enough information here to determine what precisely is failing.

The definition of success in this test is odd and suspect. However, if memory serves, the error code 5 indicates that the socket is closed. Perhaps the connection is judged a success once SSL negotiation starts, rather than after it succeeds?

Falcon Momot
  • 24,975
  • 13
  • 61
  • 92
  • 1
    Error 5 (should) be IO error. But openssl sockets are typically built on top of normal sockets, so I've no idea what that *really* means. Normal sockets dont produce IO errors. – Matthew Ife Dec 24 '13 at 22:11
  • They do when they're closed remotely, do they not? – Falcon Momot Dec 24 '13 at 22:19
  • No, a write will produce EPIPE and a read will return 0 bytes. – Matthew Ife Dec 24 '13 at 22:57
  • I'm also not sure this is an error code which is in the same domain as those which could be passed to strerror(), but I really don't know as I haven't looked at the source. – Falcon Momot Dec 24 '13 at 23:13