 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
10 messages in ru.sysoev.nginxRe: SSL Strangeness| From | Sent On | Attachments |
|---|---|---|
| Curtis Spencer | Nov 28, 2007 6:52 pm | |
| Curtis Spencer | Nov 28, 2007 6:53 pm | |
| Igor Sysoev | Nov 28, 2007 11:04 pm | |
| Curtis Spencer | Nov 29, 2007 1:16 pm | |
| Aleksandar Lazic | Nov 30, 2007 1:32 am | |
| Curtis Spencer | Nov 30, 2007 11:35 am | |
| Curtis Spencer | Dec 10, 2007 3:12 pm | |
| Igor Sysoev | Dec 11, 2007 12:00 am | |
| Curtis Spencer | Dec 11, 2007 12:15 pm | |
| Igor Sysoev | Dec 11, 2007 10:59 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: SSL Strangeness | Actions... |
|---|---|---|
| From: | Curtis Spencer (thor...@public.gmane.org) | |
| Date: | Nov 29, 2007 1:16:40 pm | |
| List: | ru.sysoev.nginx | |
I have been able to recreate the httperf issue on my dev server and on my production server: both running 0.5.33 and 4 mongrels behind the nginx. On the dev server I have 2 work processes with 1024 worker connections and 6 x 1024 on the production
nginx eats almost no cpu whatsoever during the test, which lends me to believe it is partially a client issue when interacting with ssl.
httperf is able to perform fast for the first few ssl tests, but then on subsequent it still goes down to 0.1 req/s. I restart nginx on the server box and the slowness persists with httperf.
Also, using the ssl_session_cache didn't make a difference on either machine.
Any other ideas?
Also here is some info about my SSL setup. One of the pems is a self signed cert and the other is a verisign, both created with openssl.
$ openssl engine -t (dynamic) Dynamic engine loading support [ unavailable ] $ openssl ciphers DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:IDEA-CBC-SHA:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC4-MD5
-Curtis
On Nov 28, 2007 11:04 PM, Igor Sysoev
<is-G...@public.gmane.org> wrote:
On Wed, Nov 28, 2007 at 06:53:04PM -0800, Curtis Spencer wrote:
I am running 4 mongrels behind nginx with two servers blocks (one ssl enabled). I have a public facing app that 20-30 users go through each day (non ssl) and administrative SSL controllers in the app that people at my office use. I am noticing that by the end of day after a lot of use of the SSL version of the app, that some requests are hanging for certain people in the office (Mac OSX and Windows Firefox 2.0.0.5-10). It very rarely hangs on my machine (Linux), but it happens every now and then. I don't think the mongrels are dying because usually when these people encounter the hangs we can go to other computers (Linux Windows OSX) in the office and hammer on the SSL portion of site with no problems. Also, the non SSL version of the site never has any hanging AFAIK.
One thing I did happen to notice as well, is if I do performance testing on SSL with httperf, at first it is decently fast, but on many sequential runs it consistently degrades until httperf can barely do any requests. However, even while I do an httperf I can use the SSL version of the site with different computers. It just hangs on some, usually towards the end of the day.
How many nginx worker processes do you use ? Does nginx eat CPU while the test ? Could you set
ssl_session_cache shared:SSL:10m;
and run httperf again ?
-- Igor Sysoev http://sysoev.ru/en/