
Re: Why some Tor servers are slow (was Re: TOR Park Exit Node Question)





Roger Dingledine wrote:

So masquerade is somehow not putting much attention into its ssl
handshakes. This could be because its network connection is actually
through a proxy or a firewall that is dropping some of the packets or
slowing things down tremendously. It could also be that it's running on
a 100 mhz 486, or its ulimits are set to something crazy-low, or it's
busy ray-tracing a movie, or something else.

I'd be curious to learn what's up with it. I've seen this behavior before
on Windows machines behind cable modems and crappy NAT boxes.

--Roger


I am also curious to know what is wrong with my server. Masquerade is a Debian Linux (latest release) box, with an Athlon 500 MHz and 256 MB RAM. It is not behind any NAT; it has a direct, switched connection to the internet at 100 Mbps.

Using the command Peter Palfrader gave, I was able to reproduce the problem on the very box, so the network can't have anything to do with it (I guess):

postmortem:# time openssl s_client -connect 155.207.113.227:9001
CONNECTED(00000003)
depth=1 /O=TOR/CN=masquerade <identity>
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/O=TOR/CN=masquerade
  i:/O=TOR/CN=masquerade <identity>
1 s:/O=TOR/CN=masquerade <identity>
  i:/O=TOR/CN=masquerade <identity>
---
Server certificate
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
subject=/O=TOR/CN=masquerade
issuer=/O=TOR/CN=masquerade <identity>
---
No client certificate CA names sent
---
SSL handshake has read 1469 bytes and written 344 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
   Protocol  : TLSv1
   Cipher    : EDH-RSA-DES-CBC3-SHA
   Session-ID:
   Session-ID-ctx:
   Master-Key: ...
   Key-Arg   : None
   Start Time: 1128325862
   Timeout   : 300 (sec)
   Verify return code: 19 (self signed certificate in certificate chain)
---
read:errno=0

real    0m46.904s
user    0m0.093s
sys     0m0.007s



So, something is going wrong specifically with ssl, because if you try to make other connections to the server (e.g. web browsing: http://postmortem.csd.auth.gr), it works very fast. So, how could I further troubleshoot ssl? Using some openssl parameters maybe? Any ideas?
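
One way to narrow this down, as an added example that is not part of the original message: the `real` figure from `time openssl s_client` covers the whole session until the connection ends, so the sketch below times the TCP connect and the TLS handshake separately. The function names and the local listener that never answers the ClientHello are constructed for illustration.

```python
import socket
import ssl
import time


def time_tls_phases(host, port, timeout=60.0):
    """Time the TCP connect and the TLS handshake as separate phases."""
    # The relay's certificate is self-signed (verify error 19 in the output
    # above), so verification is off: this measures timing only.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    result = {"tcp_connect_s": None, "tls_handshake_s": None,
              "cipher": None, "error": None}
    t0 = time.monotonic()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"tcp connect failed: {exc}"
        return result
    result["tcp_connect_s"] = time.monotonic() - t0
    # Defer the handshake so it can be timed on its own.
    tls = ctx.wrap_socket(raw, do_handshake_on_connect=False)
    t1 = time.monotonic()
    try:
        tls.do_handshake()
        result["tls_handshake_s"] = time.monotonic() - t1
        result["cipher"] = tls.cipher()[0]
    except OSError as exc:  # includes ssl.SSLError and handshake timeouts
        result["error"] = f"handshake failed after {time.monotonic() - t1:.2f}s: {exc}"
    finally:
        tls.close()
    return result


def demo_stalled_peer(timeout=0.5):
    """Constructed peer: completes the TCP connect but never speaks TLS."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        return time_tls_phases("127.0.0.1", srv.getsockname()[1], timeout)


if __name__ == "__main__":
    print(demo_stalled_peer())
```

A fast `tcp_connect_s` next to a slow or failed handshake points at the TLS endpoint itself (CPU, entropy, resource limits) rather than at the network path.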