Can Windows log CryptoAPI CRL timouts?
Posted
by
makerofthings7
on Server Fault
See other posts from Server Fault
or by makerofthings7
Published on 2012-06-02T03:53:02Z
Indexed on
2012/06/02
4:42 UTC
Read the original article
Hit count: 651
We have several .NET applications that occasionally "act slow" with no CPU or disk access. I suspect that they are hung up on authentication when trying to validate the certificate, since the timeout is almost 20 seconds.
As per this MSFT article
Most applications do not specify to CryptoAPI to use a cumulative time-out. If the cumulative time-out option is not enabled, CryptoAPI uses the CryptoAPI default setting which is a time-out of 15 seconds per URL. If the cumulative time-out option specified by the application, then CryptoAPI will use a default setting of 20 seconds as the cumulative timeout. The first URL receives a maximum timeout of 10 seconds. Each subsequent URL timeout is half of the remaining balance in the cumulative timeout value.
Since this is a service, how can I detect and log CryptoAPI hangs for applications I have sourcecode to, and also 3rd party
© Server Fault or respective owner