limit_conn before SSL handshake
Alan Hamlett
alan.hamlett at gmail.com
Mon Sep 9 22:43:10 UTC 2013
Currently the limit_conn and limit_conn_zone config options have this
context (can only be used inside these config scopes).
context: http,server,location
http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn
Those 2 configs have no way to prevent nginx from negotiating the SSL
handshake, since they only apply after nginx has an HTTP request.
This means the nginx server can become CPU bound by spending all its time
in SSL only to have the request dropped by limit_conn.
How about making limit_conn and limit_conn_zone be applied before the SSL
handshake so precious CPU isn't spent negotiating an SSL session when the
connection limit will end up blocking the request anyway?
--
Alan
http://ahamlett.com/
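
An added configuration sketch, not part of the original post: block (1) is the http-context setup the message describes, and block (2) is one alternative that enforces the per-address limit before the TLS handshake by terminating TLS in nginx's stream module. Block (2) assumes an nginx build with the stream module and its limit_conn support, both of which were added to nginx after this message was written; zone names, addresses, limits and certificate paths are placeholders.

```nginx
# Constructed example. Use (1) or (2) for a given address:port, not both.

# (1) http context, as described in the post: limit_conn is evaluated once
#     an HTTP request has been read, so the TLS handshake has already been
#     paid for when the connection is refused.
http {
    limit_conn_zone $binary_remote_addr zone=perip_http:10m;

    server {
        listen 443 ssl;
        ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

        limit_conn        perip_http 20;   # placeholder limit
        limit_conn_status 503;
    }
}

# (2) stream context: the connection limit is checked in the preaccess
#     phase, which runs before the stream SSL phase, so connections over
#     the limit are closed without a handshake.
stream {
    limit_conn_zone $binary_remote_addr zone=perip_tls:10m;

    server {
        listen 443 ssl;
        ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

        limit_conn perip_tls 20;           # placeholder limit

        # Decrypted traffic is handed to a plaintext HTTP listener
        # (placeholder address) that does the request-level handling.
        proxy_pass 127.0.0.1:8080;
    }
}
```

With (2) the HTTP backend sees nginx's own address as the peer, so any per-client logic there needs the client address passed along, for example with the PROXY protocol.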