SSL_read error on multiple simultaneous upstream SSL downloads

Agent Coulson shield1182 at
Mon Oct 21 17:50:31 UTC 2013


thanks for that input, I have done some debugging and examined the SSL
context when this state arrises.  Two SSL* structs (from different
connections) point to the same packet data.  Disabling the read_ahead flag
mitigates this.

I've attached a patch, after applying I was unable to repro using

I'll submit a report to the upstream openssl project.


On Sat, Oct 19, 2013 at 12:58 PM, Maxim Dounin <mdounin at> wrote:

> Hello!
> On Fri, Oct 18, 2013 at 07:59:40PM +0000, Agent Coulson wrote:
> > Yes, I am able to reproduce this talking to the same nginx as an
> upstream,
> > here is my new config.  To reproduce, create a file in the root which is
> > several Mb, i used 20Mb, and issus multiple simultaneous curl's to the
> > object, i found rate-limiting my curl is the best way to repro.  This
> > suggests there is some problem when we have to buffer.  I'm skeptical
> that
> > this is an openssl issue as I have used multiple different openssl
> versions
> > and still run into this.  However for completeness, I've reprod with
> > openssl sources from (openssl-1.0.1e) as you suggested.
> [...]
> Ok, I was able to reproduce this.
> Looks like a regression in OpenSSL 1.0.0+.  I'm able to reporduce
> the problem with OpenSSL 1.0.0 and more recent versions, including
> recent git snapshot, but everything is fine with OpenSSL 0.9.8y
> and previous versions.
> Bisection on OpenSSL 1.0.0 branch may be a helpful to trace the
> exact cause.
> --
> Maxim Dounin
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch.patch
Type: application/octet-stream
Size: 978 bytes
Desc: not available
URL: <>

More information about the nginx-devel mailing list