When increasing 'StartServers' value and accessing to WebAgent by multi threads, WebAgent send RST packets to Policy Server and Policy Server output HandShake errors.
[4844/4968][Thu Apr 06 2017 17:52:26][CServer.cpp:1974][ERROR][sm-Tunnel-00010] Bad security handshake attempt. Handshake error: 3152 [4844/4968][Thu Apr 06 2017 17:52:26][CServer.cpp:1981][ERROR][sm-Tunnel-00030] Handshake error: Failed to receive client hello. Socket error 0 [4844/4968][Thu Apr 06 2017 17:52:26][CServer.cpp:2147][ERROR][sm-Server-01070] Failed handshake with 10.131.xxx.xxx:57654
This problem is related to karnel side, not CA SSO.
In using Apache 'prefork' mode, when too many process are created (e.g increasing httpd.conf value regarding to the number of process, and accessing by many threads...etc), so many orphans child processes are likely to be existing.
Under this situation, there is some possibilities that these processes are reset immediately and warning is printed, by exceeding 'tcp_max_orphans' value at karnel side.
Change MPM mode and work as 'worker' mode, not 'prefork'.
Apache MPM prefork: