ssl_verify_client memory usage

Corey Cotter lists at ruby-forum.com
Sun Jan 20 22:38:19 MSK 2008


Hi,

We're using SSL with client side certificates through nginx. When
enabling "ssl_verify_client", memory usage increases drammatically (and
continues to grow). When "ssl_verify_client" is disabled, memory usage
stays very low.

I'm testing on Mac OSX 10.5 now but the problem is present on Gentoo as
well. Any ideas?

The basic configuration is:

worker_processes  1;
pid logs/nginx.pid;

events {  worker_connections  1024; }

http {
  include                    mime.types;
  default_type               application/octet-stream;

  tcp_nopush                 on;
  tcp_nodelay       on;

  sendfile       off;

  upstream mongrel {
      server 127.0.0.1:3000;
  }

  server {
    listen                 8443;
    ssl                    on;
    ssl_certificate        xxxx.crt;
    ssl_certificate_key    xxxx.key;
    ssl_client_certificate xxxx.pem;
    ssl_verify_client      on;
    ssl_session_cache      off;
    keepalive_timeout      70;

    location / {
      proxy_set_header   X-Real-IP  $remote_addr;
      proxy_set_header   X_FORWARDED_PROTO https;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header   Host $http_host;
      proxy_redirect     false;
      proxy_max_temp_file_size 0;

      proxy_pass         http://127.0.0.1:3001;
    }
  }
}
-- 
Posted via http://www.ruby-forum.com/.





More information about the nginx mailing list