Hello. We recently renewed our SSL certificate. After reloading nginx the number of connections increased significantly even if the number of requests remained the same.
Trying out the debug log there are a lot of entries similar to the following:
accept: 153.185.223.172:59011 fd:5
event timer add: 5: 60000:1409550689995
reusable connection: 1
epoll add event: fd:5 op:1 ev:80002001
post event 00007FF5AB84F280
delete posted event 00007FF5AB84F280
http check ssl handshake
http recv(): 1
https ssl handshake: 0x80
SSL_do_handshake: -1
SSL_get_error: 2
reusable connection: 0
post event 00007FF5AB84F280
delete posted event 00007FF5AB84F280
SSL handshake handler: 0
SSL_do_handshake: 0
SSL_get_error: 1
SSL_do_handshake() failed (SSL: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:SSL alert number 51) while SSL handshaking, client: 153.185.223.172, server: 0.0.0.0:443
close http connection: 5
SSL_shutdown: 1
event timer del: 5: 1409550689995
reusable connection: 0
free: 0000000001DE0DF0, unused: 0
free: 0000000001E15510, unused: 136
Our SSL certificate is a Positive SSL Wildcard from Comodo.
Output of nginx -V:
nginx version: openresty/1.7.2.1
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC' --add-module=../ngx_devel_kit-0.2.19 --add-module=../echo-nginx-module-0.54 --add-module=../xss-nginx-module-0.04 --add-module=../ngx_coolkit-0.2rc1 --add-module=../set-misc-nginx-module-0.24 --add-module=../form-input-nginx-module-0.09 --add-module=../encrypted-session-nginx-module-0.03 --add-module=../srcache-nginx-module-0.28 --add-module=../ngx_lua-0.9.10 --add-module=../ngx_lua_upstream-0.02 --add-module=../headers-more-nginx-module-0.25 --add-module=../array-var-nginx-module-0.03 --add-module=../memc-nginx-module-0.15 --add-module=../redis2-nginx-module-0.11 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.13 --add-module=../rds-csv-nginx-module-0.05 --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --with-http_stub_status_module --with-http_ssl_module
Link to the debug log, with some lines removed for privacy: http://goo.gl/xsJfNz.