000023096 - Apache 1.3 protected by ClearTrust agent 3.5 sporadically stops working returning 'internal server error'

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000023096
Applies ToClearTrust Web Agent Apache V3.5 Agent
Solaris 2.8
Apache 1.3 on Solaris
IssueCT_IO_ERROR
CT_AUTH_UNKNOWN_ERROR
ct_receive_TCP: SSL error 6
"Internal server error"
Cause

It has been reported that sporadically an Apache 1.3 webserver protected by CT agent 3.5 might stop working correctly, returning internal server errors.

The problem is caused by issues with the SSL communication channel used by the agent to talk to the aserver. Agents using non-encrypted communication ( cleartrust.agent.ssl.use=Clear in webagent.conf ) should not be affected by this issue.

This issue can be temporarily resolved by restarting Apache.

Typically the following entries would appear in the agent's debugging log when this error's occurring:

1158849402.267 6269 2 5:ct_receive_TCP: SSL error 6
1158849402.267 6269 2 5:ct_mux_read_msg_header: failed to read: CT_SOCKET_ERROR
1158849402.267 6269 2 5:ct_mux_transport_recv_reply: return CT_SOCKET_ERROR
1158849402.267 6269 2 5:ct_mux_transport_make_request: return CT_SOCKET_ERROR
1158849402.267 6269 2 4:ct_tickle_server_pool: Failed test request to server 192.168.51.108, port 5615
1158849402.267 6269 2 3:ct_tickle_server_pool: return CT_SOCKET_ERROR

Should you need to enable debugging for your CT 3.5 agent, simply add the following lines in webagent.conf after the <Global> line:

cleartrust.agent.debug.enabled=Yes
cleartrust.agent.debug.level=5
cleartrust.agent.debug.file=/tmp/CTAgent-debug.log
cleartrust.agent.debug.flags=o

... and restart apache.

ResolutionIn order to fix this issue, please contact customer support and request HotFix 3.5.0.55
Legacy Article IDa31980

Attachments

    Outcomes