Forum: NGINX SSL_write failed (32: Broken pipe) while processing SPDY if cache on

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Michael Giagnocavo (Guest)
on 2014-04-09 08:21
(Received via mailing list)
We're using nginx 1.5.12 and 1.5.13 on Ubuntu 12.04 LTS via Azure VM.

Since last night, on both FireFox and Chrome, Windows and OSX, we're
having difficulty with SPDY. If the browser cache is warm and
proxy_cache is enabled, we see errors like this:

2014/04/09 05:26:29 [info] 17859#0: *6 SSL_write() failed (SSL:) (32:
Broken pipe) while processing SPDY, client: my.ip, server:

On the client side, for instance in Chrome, we see:
t=1397021193179 [st= 386]        SPDY_STREAM_ERROR
                                 --> description = "ABANDONED
                                 --> status = -100
                                 --> stream_id = 13

When this happens the request will be listed as Aborted (Firebug) or
ERR_EMPTY_RESPONSE (Chrome) and the SSL_write info line is logged on
nginx. No errors are logged. The site never finishes fully loading.
Here's more of the Chrome net-internals:

If the browser cache is cleared manually or disabled, the problem goes
away. With proxy_cache off, the problem goes away. The cache config is:

  proxy_cache_key $scheme$proxy_host$host$uri$is_args$args;
  proxy_temp_path /mnt/proxy_temp 1 2;
  proxy_cache_path /mnt/proxy_cache levels=1:2 keys_zone=czone:256m;
  proxy_cache_valid any      20s;
  proxy_cache_valid 200      5m;
  proxy_cache czone;

Here is debug output from nginx:

I'm thinking perhaps there is a race condition and the lack of caching
fixes it by adding some latency?

If SPDY or caching is disabled, everything works fine. Things that don't
help: disabling SSLv3, disabling gzip, ssl cache on/off,
spdy_headers_comp 0/5, removing SNI (delete all but one server block).
Yes, we updated OpenSSL and our certificates, but we tried with old
certificates and the problem persists. Strangely, proxy_buffering off
doesn't help (I thought since it disabled the cache, it'd have the same
end effect).

Site is just reverse proxying; no local resources (there is a Lua script
that is not hit, but we removed that and it made no difference).

How can I further debug this?

Valentin V. Bartenev (Guest)
on 2014-04-09 09:30
(Received via mailing list)
On Wednesday 09 April 2014 06:20:42 Michael Giagnocavo wrote:
>                                  --> stream_id = 13
>   proxy_cache czone;
You've likely encountered this bug:

To confirm this, please try the patch from the ticket.

  wbr, Valentin V. Bartenev
Michael Giagnocavo (Guest)
on 2014-04-09 18:33
(Received via mailing list)
Thanks a ton, that worked. I read a few bug reports but didn't see that
one. I'm not sure how our config worked previously since we've been
using SPDY and proxy_cache for a month :\.

This topic is locked and can not be replied to.