Consider the case where nginx is used as a reverse proxy, and upstream is doing some server push (the http request never ends).
You are saying that timeouts/keepalive should be used. I would agree with you, and I actually made a module for nginx+tcp_keepalive: https://github.com/nviennot/nginx-tcp-keepalive
But that's not enough. The closed SSL connection stays open from nginx point of view, even though it doesn't appear anymore in netstat.
On the other hand, when upstream sends something, nginx write() to the closed socket will fail with EPIPE.
Maybe you were referring using keepalive by having upstream periodically sending data to the client.
But that's adding a requirement on the upstream logic, which is why it's not just an optimization problem, but an actual bug, when upstream rely on nginx to close the connection when the client does to detect its presence.
Bottom line: I'll send a patch with EPOLLRDHUP. Also feel free to comment on the tcp-keepalive module.