Websocket tunnel broken with existing SSL session

Maxim Dounin mdounin at mdounin.ru
Wed Jan 15 16:15:23 UTC 2014


On Wed, Jan 15, 2014 at 12:16:18PM +0000, Eiríkur Nilsson wrote:

> Thanks for the suggestion.
> We're not specifying a event method currently, though I can't see if
> eventport was the default. If I explicitly use /dev/poll, and turn
> ssl_session_cache back on, the issue comes back.
> I have verified that both the HTTP request and response are proxied
> properly. It seems to me that when the upgrade is finished nginx enters
> direct tunneling mode for the websocket data, which doesn't work for some
> sockets, at least these recovered SSL sessions from iOS clients.
> The event method issue would have explained why I can't reproduce the issue
> on mac (with self signed cert). I also haven't reproduced it with an
> Android client, although I did not verify with tcpdump if my android test
> reused the SSL session.
> Any other ideas?

It might be helpfull to see debug log and a tcpdump.  See also 
http://wiki.nginx.org/Debugging for hints.

Maxim Dounin

More information about the nginx mailing list