Hi,
Our server is Windows Server 2012 with IIS 8.5 and we run several web applications on it.
Last week, we disabled SSL v3.0 and implemented Forward Secrecy on our server for the POODLE attack. And we also released a new version of our web applications. The CPU went up to 30%-40% (normally it is 10-20%). Other than that, things were running smoothly.
This Monday, we renewed our certificates from SHA1 to SHA256 and we had the new certificates installed on our server. The installation went fine and apps ran perfectly fine after that.
Then things got ugly as this Tuesday some of our clients could not access our application via HTTPS. Requests for a small JS file could not be completed and timed out. Errors like Net::ERR_TIMED_OUT were returned in Chrome.
Meanwhile, requests via HTTP were okay and completed fast.
The CPU sometimes went up and down from 10% to 70%-80% and then to 10%. And the server has plenty of memory resources.
We could not figure out why and we restarted the apps several times and it didn't work.
So after a while, we re-enabled SSL v3.0 and disabled Forward Secrecy and rebooted the server.
Finally everything went back to normal again, but we still don't know the root cause.
All we did was disable SSL v3.0, implement Forward Secrecy and upgrade to SHA256. Could any of these cause the connection timeout?
Has anyone encountered this kind of issue? Or do you have any suggestions about how to pinpoint the root cause and resolve this issue?
Any help will be greatly appreciated. Thanks.
Henry