SSL Strangeness

Curtis Spencer thorin at
Fri Nov 30 00:17:03 MSK 2007

I have been able to recreate the httperf issue on my dev server and on
my production server:  both running 0.5.33 and 4 mongrels behind the
On the dev server I have 2 work processes with 1024 worker connections
and 6 x 1024 on the production

nginx eats almost no cpu whatsoever during the test, which lends me to
believe it is partially a client issue when interacting with ssl.

httperf is able to perform fast for the first few ssl tests, but then
on subsequent it still goes down to 0.1 req/s.  I restart nginx on the
server box and the slowness persists with httperf.

Also, using the ssl_session_cache didn't make a difference on either machine.

Any other ideas?

Also here is some info about my SSL setup.  One of the pems is a self
signed cert and the other is a verisign, both created with openssl.

$ openssl engine -t
(dynamic) Dynamic engine loading support
     [ unavailable ]
$ openssl ciphers


On Nov 28, 2007 11:04 PM, Igor Sysoev <is at> wrote:
> On Wed, Nov 28, 2007 at 06:53:04PM -0800, Curtis Spencer wrote:
> > I am running 4 mongrels behind nginx with two servers blocks (one ssl
> > enabled).  I have a public facing app that 20-30 users go through each
> > day (non ssl) and administrative SSL controllers in the app that
> > people at my office use. I am noticing that by the end of day after a
> > lot of use of the SSL version of the app, that some requests are
> > hanging for certain people in the office (Mac OSX and Windows Firefox
> >  It very rarely hangs on my machine (Linux), but it
> > happens every now and then.  I don't think the mongrels are dying
> > because usually when these people encounter the hangs we can go to
> > other computers (Linux Windows OSX) in the office and hammer on the
> > SSL portion of site with no problems.  Also, the non SSL version of
> > the site never has any hanging AFAIK.
> > One thing I did happen to notice as well, is if I do performance
> > testing on SSL with httperf, at first it is decently fast, but on many
> > sequential runs it consistently degrades until httperf can barely do
> > any requests.  However, even while I do an httperf I can use the SSL
> > version of the site with different computers.  It just hangs on some,
> > usually towards the end of the day.
> How many nginx worker processes do you use ?
> Does nginx eat CPU while the test ?
> Could you set
>      ssl_session_cache    shared:SSL:10m;
> and run httperf again ?
> --
> Igor Sysoev

More information about the nginx mailing list