Bad Decompression error after default ssl_session_timeout
Maxim Dounin
mdounin at mdounin.ru
Tue May 22 17:27:44 UTC 2012
Hello!
On Tue, May 22, 2012 at 03:15:31AM -0400, lima wrote:
> Hi,
>
> I have an LB setup with nginx for an ssl enabled site which load balance
> with 2 apache servers. All the servers are CentOS5.5* and OpenSSL
> 0.9.8e-fips-rhel5 01 Jul 2008. Also we are using the same SSL
> certificate on all the 3 servers.
>
> It does load balance perfectly untill 5m. After that it raises an
> error:
>
> [crit] 5179#0: *6 SSL_do_handshake() failed (SSL: error:1408F06B:SSL
> routines:SSL3_GET_RECORD:bad decompression) while SSL handshaking to
> upstream, client: clientip, server: lb.abcd.net, request: "GET /search/
> HTTP/1.1", upstream: "https://server1-ip:443/search/", host:
> "lb.abcd.net"
>
> This error happens for both server1 and server2. After this, the load
> balancer is not working.
[...]
> What can be the issue? Thanks in advance.
This looks like problem with session resumption and compression in
OpenSSL version you are using. Obvious workaround is to use
proxy_ssl_session_reuse off;
in nginx config, see http://nginx.org/r/proxy_ssl_session_reuse.
Alternatively you may try upgrading openssl or recompiling one you
are using without zlib support.
Maxim Dounin
More information about the nginx
mailing list