
Definition of SSL Accept Errors

rhholmes
Level 1

I am receiving SSL Accept Errors and the documentation does not describe the possible causes of this condition. Here is the output from the show ssl errors command. What is a normal percentage of errors versus connections?

------------------------------

sca2# sho ssl stat

------------------------------

For 'sca2':

Active Client Connections (AC): 13

Active Server Connections: 13

Active Sockets (AS): 27

SSL Negotiation Errors (SNE): 1603

Total Socket Errors (TSE): 1

Connection Errors to remote Server (CES): 0

Total Connection Block Errors (TCBE): 0

Total SSL Connections Refused: 0

Total SSL Connections Rejected (TSCR): 0

Total Connections Accepted (TCA): 240459

Total RSA Operations in Hardware (TROH): 38439

Total SSL Negotiations Succeeded (TSNS): 237186

------------------------------

------------------------------

sca2# sho ssl error

------------------------------

For 'sca2':

SSL Negotiation Errors (SNE) : 1604

Total SSL Connections Rejected no resources : 0

Ssl Accept Errors : 1604

SSL System Call Errors : 1585

SSL Zero Return Errors : 19

SSL System Write Errors to client : 0

SSL Write Broken Connection Errors to client : 0

SSL System Read Errors from client : 1

SSL Read Broken Connection Errors from client : 0

System Write Errors to remote server : 0

Broken Connection Write Errors to remote server : 0

System Read Errors from remote server : 0

Broken Connection Read Errors from remote server : 0

System Call Error Histogram for Client SSL Connections

System Call Error Histogram for Server Connections

------------------------------

The following is someone's description from RedHat for their web server. I'm guessing an "SSL System Call Errors" correlates with the description for "general SSL accept error -1" and the "SSL Zero Return Errors" with the "general SSL accept error 0".

Usually, a "general SSL accept error -1" implies something went wrong during the handshake. This could have been caused by a client with a broken SSL implementation, but that doesn't happen very often. The most common cause is a client trying to make a plain (non-secure) HTTP request to the (secure) HTTPS server. These errors can also result from someone opening a telnet connection to the SSL port and then closing the connection. Several load balancers are configured to create these bogus connections to test response.

For "general SSL accept error 0," the most common cause is the client breaking the connection during the handshake; network connectivity problems on either end or in transit can also cause this message. It's not really an error as such, just information that SSLeay couldn't send any data to a socket.

Thanks,

Rob
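
Added example, not part of the original post and not Cisco tooling: a small parser for the counter output quoted above that computes the error-to-connection percentage the post asks about and checks whether the two accept-error sub-counters account for the total. The function names `parse_counters` and `summarize` are hypothetical; the sample lines are copied from the post.

```python
import re

# Counter lines copied from the two command outputs quoted in the post above.
STAT_OUTPUT = """\
sca2# sho ssl stat
For 'sca2':
SSL Negotiation Errors (SNE): 1603
Total Connections Accepted (TCA): 240459
Total SSL Negotiations Succeeded (TSNS): 237186
"""
ERROR_OUTPUT = """\
sca2# sho ssl error
For 'sca2':
SSL Negotiation Errors (SNE) : 1604
Ssl Accept Errors : 1604
SSL System Call Errors : 1585
SSL Zero Return Errors : 19
SSL System Read Errors from client : 1
"""

# "Name (ABBR): 123" or "Name : 123"; prompts, banners and rulers do not match.
COUNTER_RE = re.compile(r"^\s*(.+?)\s*(?:\(\w+\))?\s*:\s*(\d+)\s*$")

def parse_counters(text):
    """Return {counter name (lower-cased, abbreviation dropped): value}."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(1).lower()] = int(m.group(2))
    return counters

def summarize(stat_text, error_text):
    stat, err = parse_counters(stat_text), parse_counters(error_text)
    accepted = stat["total connections accepted"]
    accept_errors = err["ssl accept errors"]
    syscall, zero_ret = err["ssl system call errors"], err["ssl zero return errors"]
    return {
        # Negotiation errors as a percentage of accepted connections.
        "error_pct": 100.0 * stat["ssl negotiation errors"] / accepted if accepted else 0.0,
        # Share of accept errors in each sub-counter.
        "syscall_pct": 100.0 * syscall / accept_errors if accept_errors else 0.0,
        "zero_return_pct": 100.0 * zero_ret / accept_errors if accept_errors else 0.0,
        # Do the two sub-counters account for every accept error?
        "breakdown_consistent": syscall + zero_ret == accept_errors,
    }

if __name__ == "__main__":
    for key, value in summarize(STAT_OUTPUT, ERROR_OUTPUT).items():
        print(f"{key}: {value}")
```

Running the same summary on outputs captured at intervals shows whether the error percentage is steady or climbing, which a single cumulative snapshot cannot.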


ssoberlik
Level 4

I am curious too to know the normal values of these errors. Would appreciate if anybody can help.
