Welcome! Log In Create A New Profile

Advanced

Significant increase in number of connections after renewing SSL certificate

September 01, 2014 02:20AM
Hello. We recently renewed our SSL certificate. After reloading nginx the number of connections increased significantly even if the number of requests remained the same.

Trying out the debug log there are a lot of entries similar to the following:
accept: 153.185.223.172:59011 fd:5
event timer add: 5: 60000:1409550689995
reusable connection: 1
epoll add event: fd:5 op:1 ev:80002001
post event 00007FF5AB84F280
delete posted event 00007FF5AB84F280
http check ssl handshake
http recv(): 1
https ssl handshake: 0x80
SSL_do_handshake: -1
SSL_get_error: 2
reusable connection: 0
post event 00007FF5AB84F280
delete posted event 00007FF5AB84F280
SSL handshake handler: 0
SSL_do_handshake: 0
SSL_get_error: 1
SSL_do_handshake() failed (SSL: error:1409441B:SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error:SSL alert number 51) while SSL handshaking, client: 153.185.223.172, server: 0.0.0.0:443
close http connection: 5
SSL_shutdown: 1
event timer del: 5: 1409550689995
reusable connection: 0
free: 0000000001DE0DF0, unused: 0
free: 0000000001E15510, unused: 136

Our SSL certificate is a Positive SSL Wildcard from Comodo.

Output of nginx -V:
nginx version: openresty/1.7.2.1
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/openresty/nginx --with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC' --add-module=../ngx_devel_kit-0.2.19 --add-module=../echo-nginx-module-0.54 --add-module=../xss-nginx-module-0.04 --add-module=../ngx_coolkit-0.2rc1 --add-module=../set-misc-nginx-module-0.24 --add-module=../form-input-nginx-module-0.09 --add-module=../encrypted-session-nginx-module-0.03 --add-module=../srcache-nginx-module-0.28 --add-module=../ngx_lua-0.9.10 --add-module=../ngx_lua_upstream-0.02 --add-module=../headers-more-nginx-module-0.25 --add-module=../array-var-nginx-module-0.03 --add-module=../memc-nginx-module-0.15 --add-module=../redis2-nginx-module-0.11 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.13 --add-module=../rds-csv-nginx-module-0.05 --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --with-http_stub_status_module --with-http_ssl_module

Link to the debug log, with some lines removed for privacy: http://goo.gl/xsJfNz.
Subject Author Posted

Significant increase in number of connections after renewing SSL certificate

lpugoy September 01, 2014 02:20AM

Re: Significant increase in number of connections after renewing SSL certificate

Lukas Tribus September 01, 2014 02:40AM

Re: Significant increase in number of connections after renewing SSL certificate

lpugoy September 01, 2014 03:04AM

Re: Significant increase in number of connections after renewing SSL certificate

lpugoy September 01, 2014 03:11AM

Re: Significant increase in number of connections after renewing SSL certificate

Lukas Tribus September 01, 2014 03:12AM

Re: Significant increase in number of connections after renewing SSL certificate

dewanggaba September 01, 2014 03:16AM

Re: Significant increase in number of connections after renewing SSL certificate

lpugoy September 01, 2014 03:20AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 66
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready