SSL handshaking very slow

hi there,
I’m running the latest stable version of nginx and running into a
strange issue. after a few hour of operation, SSL handshaking stars to
become very, very slow. in some cases, establishing an SSL connection
will take over 30 seconds and the browser consequently timeouts. that
said, when an SSL connection is established, everything is blazing fast.
similarly, accessing the site over HTTP is fast.

restarting nginx doesn’t seem to fix the machine once it gets into this
state. the only fix is to restart the whole machine. I generally have
something like 20k SSL sessions active on this machine. changing the SSL
session timeouts, etc. has no effect once the machine gets into this
state. are there any obvious parameters (either nginx specific or
system) that I should be looking at? thanks greatly in advance.

-arash

Posted at Nginx Forum:

Arash,

It sounds like your system is running out of entropy. Every time a new
SSL connection is made the system needs to have a certain amount of
“randomness” to make new ssl key negotiations. 20K new connections
seems like a entropy resource starvation. If you are running Linux
check out “rngd” and take a look at our page at the following link.

Entropy and Random Number Generators
https://calomel.org/entropy_random_number_generators.html


Calomel @ https://calomel.org
Open Source Research and Reference