OpenSSL PKCS#11 Engine cannot be reused in child process, worker SSL sessions fail

Anthony Alba ascanio.alba7 at
Sat Jul 25 16:20:25 UTC 2015

Hi developers,

I am using nginx with an OpenSSL engine (Safenet Luna) which is a
wrapper over PKCS#11.

The handles return by ENGINE_load_private_key cannot be used in child
processes, aka, workers due to PKCS#11, thus causing SSL connection

The private key seems to be loaded in ngx_ssl_certificate(); is there
a way to tell nginx to call this function per child process?


More information about the nginx-devel mailing list