SSL handshaking very slow
infallibilismindefeasibility at calomel.org
Fri Nov 26 18:37:24 MSK 2010
It sounds like your system is running out of entropy. Every time a new
SSL connection is made the system needs to have a certain amount of
"randomness" to make new ssl key negotiations. 20K new connections
seems like a entropy resource starvation. If you are running Linux
check out "rngd" and take a look at our page at the following link.
Entropy and Random Number Generators
Calomel @ https://calomel.org
Open Source Research and Reference
On Thu, Nov 25, 2010 at 06:41:08AM -0500, arashf wrote:
>I'm running the latest stable version of nginx and running into a
>strange issue. after a few hour of operation, SSL handshaking stars to
>become very, very slow. in some cases, establishing an SSL connection
>will take over 30 seconds and the browser consequently timeouts. that
>said, when an SSL connection is established, everything is blazing fast.
>similarly, accessing the site over HTTP is fast.
>restarting nginx doesn't seem to fix the machine once it gets into this
>state. the only fix is to restart the whole machine. I generally have
>something like 20k SSL sessions active on this machine. changing the SSL
>session timeouts, etc. has no effect once the machine gets into this
>state. are there any obvious parameters (either nginx specific or
>system) that I should be looking at? thanks greatly in advance.
>Posted at Nginx Forum: http://forum.nginx.org/read.php?2,153231,153231#msg-153231
>nginx mailing list
>nginx at nginx.org
More information about the nginx