Issue in ssl negociation

brunoa nginx-forum at
Thu Dec 8 00:02:18 UTC 2011

Hi Maxim,

> This may indicate different network paths, with
> some of them 
> filtering ICMP frag-needed packets, and others
> don't (or at least 
> doing MSS clamp).  Alternatively, blackhole
> detection might come 
> and magically fix things.

Indeed, blackhole detection solved my issue. Thanks for your expertise

# echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing

and also in sysctl.conf.

Now, TCP packets have a size of 564 octets (probably due to tcp_base_mss
default value), which may not be optimal but is ok for now.


Posted at Nginx Forum:,219756,219776#msg-219776

More information about the nginx mailing list