Bad Decompression error after default ssl_session_timeout

Maxim Dounin mdounin at
Tue May 22 17:27:44 UTC 2012


On Tue, May 22, 2012 at 03:15:31AM -0400, lima wrote:

> Hi,
> I have an LB setup with nginx for an ssl enabled site which load balance
> with 2 apache servers. All the servers are CentOS5.5* and  OpenSSL
> 0.9.8e-fips-rhel5 01 Jul 2008. Also we are using the same SSL
> certificate on all the 3 servers.
> It does load balance perfectly untill 5m. After that it raises an
> error:
> [crit] 5179#0: *6 SSL_do_handshake() failed (SSL: error:1408F06B:SSL
> routines:SSL3_GET_RECORD:bad decompression) while SSL handshaking to
> upstream, client: clientip, server:, request: "GET /search/
> HTTP/1.1", upstream: "https://server1-ip:443/search/", host:
> ""
> This error happens for both server1 and server2. After this, the load
> balancer is not working.


> What can be the issue? Thanks in advance.

This looks like problem with session resumption and compression in 
OpenSSL version you are using.  Obvious workaround is to use

    proxy_ssl_session_reuse off;

in nginx config, see

Alternatively you may try upgrading openssl or recompiling one you 
are using without zlib support.

Maxim Dounin

More information about the nginx mailing list