SSL Strangeness

Curtis Spencer thorin at gmail.com
Fri Nov 30 00:17:03 MSK 2007 

I have been able to recreate the httperf issue on my dev server and on
my production server:  both running 0.5.33 and 4 mongrels behind the
nginx.
On the dev server I have 2 work processes with 1024 worker connections
and 6 x 1024 on the production

nginx eats almost no cpu whatsoever during the test, which lends me to
believe it is partially a client issue when interacting with ssl.

httperf is able to perform fast for the first few ssl tests, but then
on subsequent it still goes down to 0.1 req/s.  I restart nginx on the
server box and the slowness persists with httperf.

Also, using the ssl_session_cache didn't make a difference on either machine.

Any other ideas?

Also here is some info about my SSL setup.  One of the pems is a self
signed cert and the other is a verisign, both created with openssl.

$ openssl engine -t
(dynamic) Dynamic engine loading support
     [ unavailable ]
$ openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5


-Curtis

On Nov 28, 2007 11:04 PM, Igor Sysoev <is at rambler-co.ru> wrote:
> On Wed, Nov 28, 2007 at 06:53:04PM -0800, Curtis Spencer wrote:
>
> > I am running 4 mongrels behind nginx with two servers blocks (one ssl
> > enabled).  I have a public facing app that 20-30 users go through each
> > day (non ssl) and administrative SSL controllers in the app that
> > people at my office use. I am noticing that by the end of day after a
> > lot of use of the SSL version of the app, that some requests are
> > hanging for certain people in the office (Mac OSX and Windows Firefox
> > 2.0.0.5-10).  It very rarely hangs on my machine (Linux), but it
> > happens every now and then.  I don't think the mongrels are dying
> > because usually when these people encounter the hangs we can go to
> > other computers (Linux Windows OSX) in the office and hammer on the
> > SSL portion of site with no problems.  Also, the non SSL version of
> > the site never has any hanging AFAIK.
>
> > One thing I did happen to notice as well, is if I do performance
> > testing on SSL with httperf, at first it is decently fast, but on many
> > sequential runs it consistently degrades until httperf can barely do
> > any requests.  However, even while I do an httperf I can use the SSL
> > version of the site with different computers.  It just hangs on some,
> > usually towards the end of the day.
>
> How many nginx worker processes do you use ?
> Does nginx eat CPU while the test ?
> Could you set
>
>      ssl_session_cache    shared:SSL:10m;
>
> and run httperf again ?
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>

More information about the nginx mailing list