Welcome! Log In Create A New Profile

Advanced

limit_conn before SSL handshake

September 09, 2013 06:44PM
Currently the limit_conn and limit_conn_zone config options have this
context (can only be used inside these config scopes).
context: http,server,location
http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn

Those 2 configs have no way to prevent nginx from negotiating the SSL
handshake, since they only apply after nginx has a HTTP request.
This means the nginx server can become CPU bound by spending all it's time
in SSL only to have the request dropped by limit_conn.

How about making limit_conn and limit_conn_zone be applied before the SSL
handshake so precious CPU isn't spent negotiating an SSL session when the
connection limit will end up blocking the request anyway?

--
Alan
http://ahamlett.com/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

limit_conn before SSL handshake

alanhamlett 858 September 09, 2013 06:44PM

Re: limit_conn before SSL handshake

Maxim Dounin 385 September 10, 2013 08:30AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 157
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready