Hi! I just wanted to add my 2 cents hereā¦. - We are facing a very similar issue. During reloads of reuseport enabled configuration it sometimes happens that no workers accept new connections, bandwidth basically drops to 0 and it all reverts back to normal within few seconds. Hurts but not deadly. - Our nginx uses the Intel QAT card which allows only a limited number of user-space processes usby Tomas1345 - Nginx Development
Here https://github.com/openssl/openssl/commit/64193c8218540499984cd63cda41f3cd491f3f59 is a commit that is supposed to fix it. I am not very familiar with openssl API, but comment in nginx code says /* SSL_shutdown() never returns -1, on error it returns 0 */, which does not seem to apply anymore. Anyone ? Thanks, Tby Tomas1345 - Other discussion
I can just confirm this, happening here as well. relevant part of the config ssl_session_cache shared:SSL:40m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES1by Tomas1345 - Other discussion
Hi, as mentioned before, you are working on a feature similar to allowing variables in ssl_certificate and ssl_certificate_key directives. Is it going to be necessary to specify all possible certificates & keys at the startup/reload of nginx or are these going to be loaded somehow dynamically per request? Thanks a lot, Tomasby Tomas1345 - Nginx Mailing List - English