Mod_ssl randomly causes apache threads to use 100% of CPU

This looks like https://issues.apache.org/bugzilla/show_bug.cgi?id=44381 which is fixed in 2.2.9.

Hello Stefan, thanks for your reply. Is 2.2.9 available on Hardy?

Can you try the version in my ppa?

Thanks
chuck

Chuck, comment added to the corresponding private bug (306601). In short, this PPA appears to solve the problem. I am recommending an SRU for it.

This bug has been fixed upstream and in later relases of Ubuntu. Without this patch users that use mod_proxy and SSL will cause apache processes to use up all of the CPU. I have attached the upstream patch which resolves this issue. I have also attached the debdiff. This patch has also been verified to work as demonstrated above as well.

To reproduce this create a mod_proxy site with SSL enabled and just hammer it with connections.

If you have any questions please let me know.

Regards
chuck

marking as fixed in the latest release, per comments in the bug.

This should be resolved for the 8.04.3 point release. Matthias, assigning this to you per discussion with Rick; please prepare an apache2 SRU for this issue as soon as practical.

Uploaded to hardy-proposed

Accepted into hardy-proposed; please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

An apache2 security update was released for hardy today. Unfortunately, the apache2 package in -proposed needs to get merged with the security update and re-released.

ubuntu0.6 uploaded to -proposed

Accepted apache2 into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

This package will be superseded by apache2 - 2.2.8-1ubuntu0.8 by the end of the day. 2.2.8-1ubuntu0.8 contains a security update. Please update your upload to use 2.2.8-1ubuntu0.8 when it becomes available. Thanks!

Mathias, please merge and reupload.

apache2_2.2.8-1ubuntu0.9 uploaded to -proposed.

Accepted into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I've been unable to reproduce the hanging behavior with apache configured in a variety of different proxy configurations and beating on it for quite a while. I have verified that the version in hardy-proposed, 2.2.8-1ubuntu0.9, also functions when configured to proxy, as well as continuing to serve webpages under load. I also ran the security team's regression test for apache and found no regressions there.

I think that's sufficient to consider this verified, given how long this has been in -proposed now in various iterations.

This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.9

---------------
apache2 (2.2.8-1ubuntu0.9) hardy-proposed; urgency=low

  * debian/patches//101_fix-spinning-mod_proxy.dpatch: Fix mod_proxy
    with SSL using all the CPU. (LP: #306293)

 -- Chuck Short <email address hidden> Fri, 13 Feb 2009 15:43:29 +0000

Confirming fix in apache2 2.2.8-1ubuntu0.9. It was tested in simulated, and also in work environment. Thank you all.

I am trying to figure out who to add this patch. Can someone help me? Thanks.