signal 11 on 1.8.0 SSL shared cache + Safari

Alexander Moskalenko alexander.moskalenko at gmail.com
Wed Jun 17 09:13:45 UTC 2015


Приветствую,

Проблема воспроизводится только в Safari при использовании
ssl_session_cache    shared:SSL:10m;

Если установить builtin либо вообще выключить кэш сессий, то всё работает.

В Safari при этом выводится 'connection closed', а в логе ошибок nginx появляется:

2015/06/17 11:01:46 [alert] 24556#0: worker process 24995 exited on signal 11

# nginx -V
nginx version: nginx/1.8.0
built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-http_ssl_module --with-http_realip_module
--with-http_addition_module --with-http_sub_module --with-http_dav_module
--with-http_flv_module --with-http_mp4_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_random_index_module
--with-http_secure_link_module --with-http_stub_status_module
--with-http_auth_request_module --with-mail --with-mail_ssl_module
--with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g
-pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic'

Конфиг:
# Reporter's server block: TLS/SPDY termination in front of a single proxied upstream.
# <hostname> values appear to be redacted by the reporter.
server {
    # The same block answers on plain HTTP as well; no redirect to HTTPS is visible here.
    listen 80;
    listen 443 ssl spdy;
    server_name <hostname>;

    # Wildcard CORS: any origin may read responses to non-credentialed cross-origin requests.
    add_header Access-Control-Allow-Origin *;

ssl_session_timeout  5m;
# This is the setting the report ties to the worker exiting on signal 11 with Safari;
# per the reporter, "builtin" or no cache avoids it.
# NOTE(review): no core dump or backtrace is shown, so the faulting code path cannot be identified from this page.
ssl_session_cache    shared:SSL:10m;

# TLSv1 and TLSv1.1 have since been formally deprecated (RFC 8996); only TLSv1.2 remains current from this list.
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
# Smaller than nginx's default 16k TLS buffer.
ssl_buffer_size 8k;
# The list still admits 3DES (64-bit block cipher) and static-RSA key exchange (no forward secrecy) as fallbacks.
ssl_ciphers
'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS';
ssl_prefer_server_ciphers   on;
# $https is "on" for TLS connections and empty otherwise.
# NOTE(review): proxy_set_header is inherited from this level only when the inner level defines none;
# "location /" below sets its own, so this SSL header is not sent to the upstream from that location.
proxy_set_header SSL   $https;

    # Relative paths; the private key file should be readable only by the account that starts nginx.
    ssl_certificate ssl/<hostname>.pem;
    ssl_certificate_key ssl/<hostname>.key;

# NOTE(review): looks like the common workaround for non-GET requests to static files; with every path
# proxied by "location /" its effect here is unclear - confirm it is still needed.
error_page 405 = $uri;
    location / {
            # Accepts request bodies of up to 800 MB.
            client_max_body_size 800m;
            # Traffic to the upstream is plain HTTP.
            proxy_pass http://upstream;
            # $http_host is the client-supplied Host header, forwarded unchanged; the upstream must not trust it blindly.
            proxy_set_header Host $http_host;
            # Responses are passed to the client as they arrive instead of being buffered by nginx.
            proxy_buffering off;
            proxy_read_timeout 10m;
    }
}