SSL handshaking very slow

Calomel Org infallibilismindefeasibility at calomel.org
Fri Nov 26 18:37:24 MSK 2010


Arash,

It sounds like your system is running out of entropy. Every time a new
SSL connection is made the system needs to have a certain amount of
"randomness" to make new ssl key negotiations. 20K new connections
seems like a entropy resource starvation. If you are running Linux
check out "rngd" and take a look at our page at the following link. 

Entropy and Random Number Generators
https://calomel.org/entropy_random_number_generators.html

--
   Calomel @ https://calomel.org
   Open Source Research and Reference


On Thu, Nov 25, 2010 at 06:41:08AM -0500, arashf wrote:
>hi there,
>I'm running the latest stable version of nginx and running into a
>strange issue. after a few hour of operation, SSL handshaking stars to
>become very, very slow. in some cases, establishing an SSL connection
>will take over 30 seconds and the browser consequently timeouts. that
>said, when an SSL connection is established, everything is blazing fast.
>similarly, accessing the site over HTTP is fast. 
>
>restarting nginx doesn't seem to fix the machine once it gets into this
>state. the only fix is to restart the whole machine. I generally have
>something like 20k SSL sessions active on this machine. changing the SSL
>session timeouts, etc. has no effect once the machine gets into this
>state. are there any obvious parameters (either nginx specific or
>system) that I should be looking at? thanks greatly in advance.
>
>-arash
>
>Posted at Nginx Forum: http://forum.nginx.org/read.php?2,153231,153231#msg-153231
>
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://nginx.org/mailman/listinfo/nginx




More information about the nginx mailing list