前面兩篇部落格了解了TLS的先關原理!現在開始直面實際問題了!!
問題:目前https cps為500時正常,但是cps為3000 時出現問題,檢視log出現
//SSL_shut_down error.1 n=407、 相關log
也就是shutdown的時候sslctx是SSL_R_SHUTDOWN_WHILE_IN_INIT
int SSL_shutdown(SSL *s)
{
/*
* Note that this function behaves differently from what one might
* expect. Return values are 0 for no success (yet), 1 for success; but
* calling it once is usually not enough, even if blocking I/O is used
* (see ssl3_shutdown).
*/
if (s->handshake_func == 0) {
SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
return -1;
}
if (!SSL_in_init(s)) {
return s->method->ssl_shutdown(s);
} else {
SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
return -1;
}
}
分析:
根據log分析:原因是ssl剛剛初始化後剩下的ssl_handshake 沒有執行完就被幹掉,現在要來看為什麼ssl handshake被幹掉;
看了一下openssl的代碼邏輯 其主要為ssl 狀态以及加密算法庫
![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiI0gTMx81dsQWZ4lmZf1GLlpXazVmcvwFciV2dsQXYtJ3bm9CX9s2RkBnVHFmb1clWvB3MaVnRtp1XlBXe0xCMy81dvRWYoNHLwEzX5xCMx8FesU2cfdGLwMzX0xiRGZkRGZ0Xy9GbvNGLpZTY1EmMZVDUSFTU4VFRR9Fd4VGdsYTMfVmepNHLrJXYtJXZ0F2dvwVZnFWbp1zczV2YvJHctM3cv1Ce-cmbw5iMzIzM3YmNkNzYxEzYxQjYyYzXzUzM1UTMzIzLcZDMyIDMy8CXn9Gbi9CXzV2Zh1WavwVbvNmLvR3YxUjLyM3Lc9CX6MHc0RHaiojIsJye.png)
目前問題已經解決:根本原因是性能問題導緻openssl三次握手邏輯逾時被主動斷開導緻
BIO_new_fp
SSLfatal