This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

SSLSessionCache

If the following error is encountered in the error.log file:

[warn] Init: Session Cache is not configured [hint: SSLSessionCache]

This usually points to a distro breaking up SSL directives from the base SSL virtual host configuration. The default SSL configuration shipped with apache.org's Apache package contains these SSL configurations along with a base virtual host configuration.

Make sure that your SSL configuration file gets loaded before your virtual host configuration file and contains a line that looks like:

SSLSessionCache        shmcb:/some/example/path/ssl_scache(512000)

For confirmation, use http://localhost/server-status to check the cache status.

Output should be similar to the following:

SSL/TLS Session Cache Status: <<BR>> 
cache type: SHMCB, shared memory: 512000 bytes, current sessions: 1[[BR]]
sub-caches: 32, indexes per sub-cache: 133[[BR]]
time left on oldest entries' SSL sessions: avg: 297 seconds, (range: 297...297)[[BR]]
index usage: 0%, cache usage: 0%[[BR]]
total sessions stored since starting: 1[[BR]]
total sessions expired since starting: 0[[BR]]
total (pre-expiry) sessions scrolled out of the cache: 0[[BR]]
total retrieves since starting: 1 hit, 1 miss[[BR]]
total removes since starting: 0 hit, 0 miss[[BR]]

If you do not get any session cache statistics on the server-status page then your SSL configuration is not correctly set.

To enable server-status, the following construct can be used in your Apache configuration file:

Example

<IfModule mod_status.c>
    #
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    # Change the ".example.com" to match your domain to enable.
    #
    ExtendedStatus On 
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from .example.com
    </Location>
</IfModule>

Problems on 64-bit Microsoft Windows

The following error may be encountered in the error.log file on a 64-bit version of Windows with the 32-bit version of Apache:

Syntax error on line 62 of C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/extra/httpd-ssl.conf:
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes

The offending line will be something like this:

SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

Due to a parser error the "(x86)" in the path is mistakenly found when looking for the bracketed cache size parameter at the end. A work-around is to create a link to the Apache folder somewhere else and then replace the Apache folder of the above path with the path of that link. For example, create a link to
C:/Program Files (x86)/Apache Software Foundation

in your user folder as:

c:\Users\myusername\Apache

and then use that path in the config file:

SSLSessionCache "shmcb:c:/Users/myusername/Apache/Apache2.2/logs/ssl_scache(512000)"

As an alternative under Vista/Windows 7/Server 2008/Server 2008 R2 64bit you can create a junction:

mklink /j "C:\Program Files\Apache Software Foundation\Apache2.2\logs" "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs"

and then simply remove the (x86) from the path in the config file:

"shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

A less complex alternative is to use the 8.3 compatible short name for "Program Files (x86)" which can be found by running:

dir /x c:\

The short name will probably look like "PROGRA~2". The offending line can then be changed to:

SSLSessionCache "shmcb:C:/PROGRA\~2/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

NOTE: The tilde (~) must be backslash escaped.

  • No labels