SSLSessionCache

If the following error is encountered in the error.log file:

[warn] Init: Session Cache is not configured [hint: SSLSessionCache]

This usually points to a distro breaking up SSL directives from the base SSL virtual host configuration. The default SSL configuration shipped with apache.org's Apache package contains these SSL configurations along with a base virtual host configuration.

Make sure that your SSL configuration file gets loaded before your virtual host configuration file and contains a line that looks like:

SSLSessionCache        shmcb:/some/example/path/ssl_scache(512000)

For confirmation, use http://localhost/server-status to check the cache status.

Output should be similar to the following:

SSL/TLS Session Cache Status: <<BR>> 
cache type: SHMCB, shared memory: 512000 bytes, current sessions: 1[[BR]]
sub-caches: 32, indexes per sub-cache: 133[[BR]]
time left on oldest entries' SSL sessions: avg: 297 seconds, (range: 297...297)[[BR]]
index usage: 0%, cache usage: 0%[[BR]]
total sessions stored since starting: 1[[BR]]
total sessions expired since starting: 0[[BR]]
total (pre-expiry) sessions scrolled out of the cache: 0[[BR]]
total retrieves since starting: 1 hit, 1 miss[[BR]]
total removes since starting: 0 hit, 0 miss[[BR]]

If you do not get any session cache statistics on the server-status page then your SSL configuration is not correctly set.

To enable server-status, the following construct can be used in your Apache configuration file:

Example

<IfModule mod_status.c>
    #
    # Allow server status reports generated by mod_status,
    # with the URL of http://servername/server-status
    # Change the ".example.com" to match your domain to enable.
    #
    ExtendedStatus On 
    <Location /server-status>
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from .example.com
    </Location>
</IfModule>

Problems on 64-bit Microsoft Windows

The following error may be encountered in the error.log file on a 64-bit version of Windows with the 32-bit version of Apache:

Syntax error on line 62 of C:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/extra/httpd-ssl.conf:
SSLSessionCache: Invalid argument: size has to be >= 8192 bytes

The offending line will be something like this:

SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

Due to a parser error the "(x86)" in the path is mistakenly found when looking for the bracketed cache size parameter at the end. A work-around is to create a link to the Apache folder somewhere else and then replace the Apache folder of the above path with the path of that link. For example, create a link to
C:/Program Files (x86)/Apache Software Foundation

in your user folder as:

c:\Users\myusername\Apache

and then use that path in the config file:

SSLSessionCache "shmcb:c:/Users/myusername/Apache/Apache2.2/logs/ssl_scache(512000)"

As an alternative under Vista/Windows 7/Server 2008/Server 2008 R2 64bit you can create a junction:

mklink /j "C:\Program Files\Apache Software Foundation\Apache2.2\logs" "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\logs"

and then simply remove the (x86) from the path in the config file:

"shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

A less complex alternative is to use the 8.3 compatible short name for "Program Files (x86)" which can be found by running:

dir /x c:\

The short name will probably look like "PROGRA~2". The offending line can then be changed to:

SSLSessionCache "shmcb:C:/PROGRA\~2/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"

NOTE: The tilde (~) must be backslash escaped.

  • No labels