SSL – Apache Server Hello in SSL Slow

apache-2.2 ssl ubuntu-10.04

I'm trying to debug a problem with SSL in Apache. I've used Wireshark to capture the packets, and I see the client hello message go out, and then about 10 seconds or so later, I get back a server hello. Once the SSL connection is established, subsequent HTTPS requests are faster.

I am using /dev/urandom for entropy, and I think I have plenty available. My CPU load is next to nothing, but I receive about 10 requests/second.

I'm using the stock settings in Apache 2.2.14 on Ubuntu 10.04. My certificate is a SAN certificate from GoDaddy.

What steps should I take to find out why my server takes so long to respond over SSL? HTTP is snappy, but HTTPS is dead slow.

Edit:

Here is an image that shows the client hello, and then about 10 seconds later, the server hello:


Best Answer

Increasing MaxClients will most likely fix this problem.

Note that the default value for MaxClients IS 256, so if this change took care of the problem then you probably had a setting for MaxRequestWorkers that was something lower. Note that MaxClients is the deprecated name and MaxRequestWorkers is the new name, so if you had a smaller MaxRequestWorkers then added a MaxClients later down in the config, the MaxClients value would override your lower MaxRequestWorkers value, fixing the problem.

As far as why this only happened on HTTPS, I suspect it's because browser clients are more aggressive at keeping connections alive when on HTTPS (understandably). So it is much easier to run out of available clients.
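
One way to check the worker-exhaustion explanation given in the answer above, as an added example that is not part of the original post: the function below reads the machine-readable output of mod_status (`/server-status?auto`) and reports whether every worker is occupied and how many are held by keep-alive connections. It assumes mod_status is enabled on the server; the sample output, the function names and the 0.5 threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample of mod_status machine-readable output (/server-status?auto).
SAMPLE_STATUS = """\
Total Accesses: 48213
BusyWorkers: 16
IdleWorkers: 0
Scoreboard: KKKKKKKKWKKKRKKK
"""

# Scoreboard key letters as documented by mod_status.
STATES = {"_": "waiting", "S": "starting", "R": "reading", "W": "sending",
          "K": "keepalive", "D": "dns", "C": "closing", "L": "logging",
          "G": "graceful", "I": "idle_cleanup", ".": "open_slot"}


def parse_status(text):
    """Turn 'Key: value' lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def worker_report(text, keepalive_warn=0.5):
    """Summarise worker usage and flag exhaustion of the worker pool."""
    fields = parse_status(text)
    board = fields.get("Scoreboard", "")
    counts = Counter(STATES.get(ch, "unknown") for ch in board)
    busy = int(fields.get("BusyWorkers", 0))
    idle = int(fields.get("IdleWorkers", 0))
    started = busy + idle                  # workers that exist right now
    free = idle + counts["open_slot"]      # capacity left for new connections
    keepalive_share = counts["keepalive"] / started if started else 0.0
    return {
        "busy": busy,
        "idle": idle,
        "slots": len(board),
        "keepalive": counts["keepalive"],
        "keepalive_share": keepalive_share,
        # No idle worker and no open slot: new connections wait in the backlog.
        "exhausted": free == 0,
        # Exhausted, and most workers are only holding idle keep-alive sockets.
        "keepalive_bound": free == 0 and keepalive_share >= keepalive_warn,
    }


if __name__ == "__main__":
    print(worker_report(SAMPLE_STATUS))
```

If `exhausted` is true while the delayed server hello is being observed, new connections are queuing for a free worker before Apache ever reads the client hello.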