Significant increase in number of connections after renewing SSL certificate
lpugoy
nginx-forum at nginx.us
Mon Sep 1 06:20:05 UTC 2014
Hello. We recently renewed our SSL certificate. After reloading nginx the
number of connections increased significantly even if the number of requests
remained the same.
Trying out the debug log there are a lot of entries similar to the
following:
accept: 153.185.223.172:59011 fd:5
event timer add: 5: 60000:1409550689995
reusable connection: 1
epoll add event: fd:5 op:1 ev:80002001
post event 00007FF5AB84F280
delete posted event 00007FF5AB84F280
http check ssl handshake
http recv(): 1
https ssl handshake: 0x80
SSL_do_handshake: -1
SSL_get_error: 2
reusable connection: 0
post event 00007FF5AB84F280
delete posted event 00007FF5AB84F280
SSL handshake handler: 0
SSL_do_handshake: 0
SSL_get_error: 1
SSL_do_handshake() failed (SSL: error:1409441B:SSL
routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:SSL alert number 51)
while SSL handshaking, client: 153.185.223.172, server: 0.0.0.0:443
close http connection: 5
SSL_shutdown: 1
event timer del: 5: 1409550689995
reusable connection: 0
free: 0000000001DE0DF0, unused: 0
free: 0000000001E15510, unused: 136
Our SSL certificate is a Positive SSL Wildcard from Comodo.
Output of nginx -V:
nginx version: openresty/1.7.2.1
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-debug
--with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC'
--add-module=../ngx_devel_kit-0.2.19 --add-module=../echo-nginx-module-0.54
--add-module=../xss-nginx-module-0.04 --add-module=../ngx_coolkit-0.2rc1
--add-module=../set-misc-nginx-module-0.24
--add-module=../form-input-nginx-module-0.09
--add-module=../encrypted-session-nginx-module-0.03
--add-module=../srcache-nginx-module-0.28 --add-module=../ngx_lua-0.9.10
--add-module=../ngx_lua_upstream-0.02
--add-module=../headers-more-nginx-module-0.25
--add-module=../array-var-nginx-module-0.03
--add-module=../memc-nginx-module-0.15
--add-module=../redis2-nginx-module-0.11
--add-module=../redis-nginx-module-0.3.7
--add-module=../rds-json-nginx-module-0.13
--add-module=../rds-csv-nginx-module-0.05
--with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib
--with-http_stub_status_module --with-http_ssl_module
Link to the debug log, with some lines removed for privacy:
http://goo.gl/xsJfNz.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252972,252972#msg-252972
More information about the nginx
mailing list