Dropped https client connection doesn't drop backend proxy_pass connection

Robert Mueller robm at fastmail.fm
Fri Mar 15 22:32:27 UTC 2013

> In case of https, in many (most) cases there are pending data - 
> due to various SSL packets send during connection close.  This 
> means connection close detection with https doesn't work unless 
> you use kqueue.
> Further reading:
> http://mailman.nginx.org/pipermail/nginx/2011-June/027672.html
> http://mailman.nginx.org/pipermail/nginx/2011-November/030630.html

These reports appear to relate to SSL upstream connections (both refer
to ngx_http_upstream_check_broken_connection). I'm talking about an SSL
client connection, with a plain http upstream connection.

When an https client drops it's connection, the upstream http proxy
connection is not dropped. If nginx can't detect an https client
disconnect properly, that must mean it's leaking connection information
internally doesn't it?


More information about the nginx mailing list