I am experiencing this bug in a production system. (SSL closes are not detected, thus sockets stay in CLOSE_WAIT state forever -- nice DoS).

I was looking at nginx sources, and it seems that this bug has not been fixed.
The alternative is to use stunnel with the X-Forwarded-For patch, but that's way too messy.

In ngx_http_upstream_check_broken_connection(), there seems to be a different path for kqueue. What about modifying the poll/epoll behavior to detect disconnections for other event modules ? In ngx_epoll_add_connection(), we can add the EPOLLHUP event, and mark the connection as disconnected when processing HUP events instead of using the buggy MSG_PEEK hack