> So, the alert is harmless and can be safely ignored.
The real problem - it doesnt, it always accompanied by something like:
nginx[32624] trap invalid opcode ip:47e04d sp:7fff6971ae50 error:0 in nginx[400000+a0000]
(exactly one "invalid opcode" for each "function you should not call" in nginx log) and session reset.
Or, in different setup - just silent crash.
I can't belive it "harmless". (And I didn't think it is just nginx problem, more likely libressl "cleanup" was somewhat unclean)
I've commented out SSL_CTX_set_tmp_rsa_callback call in http_ssl_module, and it seems right fix for my problem (at least it stops producing invalid opcode errors)
(I should to try it first, but, wrongly, decided what having !EXPORT in Ciphers prevents nginx from calling legacy code anyway)