Welcome! Log In Create A New Profile

Advanced

Re: Multiple SSL enabled hosts causes nginx to reload slowly

Maxim Dounin
May 19, 2011 06:44AM
Hello!

On Wed, May 18, 2011 at 08:40:15PM -0400, runesoerensen wrote:

> Hi,
>
> I've set up a ssl_certificate and ssl_certificate_key directives on the
> http level of my nginx configuration. The problem I'm facing is that
> starting/reloading nginx is getting slower and slower as more hosts
> (server directives) are added. The server has roughly 1000 SSL-enabled
> hosts that inherits the ssl certificate directives.
>
> I know nginx verifies the certificate when loading it, so I'm wondering
> if nginx checks the certificate each time an SSL enabled host inherits
> the shared certificate? If so, shouldn't it only check the certificate
> once? According to
> http://nginx.org/en/docs/http/configuring_https_servers.html it should
> cause all hosts to inherit a single memory footprint, but this doesn't
> seem to be the case.
>
> If this is a bug in nginx it may be an idea to completely disable
> certificate verification if possible?
>
> Any advice is highly appreciated.

Quick look suggests that time is taken mostly here in
ngx_http_ssl_module.c:

/* a temporary 512-bit RSA key is required for export versions of MSIE */
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR;
}

As export versions of MSIE are rare and hardly supported nowadays
anyway, you may want to just nuke this code as a workaround.

I'll take a look at this further as time permits.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Multiple SSL enabled hosts causes nginx to reload slowly

runesoerensen May 18, 2011 08:40PM

Re: Multiple SSL enabled hosts causes nginx to reload slowly

Maxim Dounin May 19, 2011 06:44AM

Re: Multiple SSL enabled hosts causes nginx to reload slowly

runesoerensen July 26, 2011 10:48PM

Re: Multiple SSL enabled hosts causes nginx to reload slowly

Maxim Dounin July 27, 2011 03:28AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 117
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready