SSL with SNI, and Safari generates a segfault in Nginx.


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » CustomBuild » CustomBuild 2.0 » Nginx

SSL with SNI, and Safari generates a segfault in Nginx.Last Modified: Jul 21, 2016, 5:14 pm
If you're using your server IP for SSL on a domain, and try to load the webpage with Safari (eg: an iPhone), it may mention an error about a connection issue for https, when http works fine.   However, most other browsers may work without issue for https.

In that case, check the nginx log:

/var/log/nginx/error_log

If you see errors like the following each time you load an https page with Safari:

2014/03/26 01:53:33 [alert] 27385#0: worker process 24250 exited on signal 11
2014/03/26 01:53:33 [alert] 27385#0: worker process 24260 exited on signal 11
2014/03/26 01:53:34 [alert] 27385#0: worker process 24261 exited on signal 11

then it may imply that you're affected by this nginx bug.

It's documented here:
http://trac.nginx.org/nginx/ticket/235

The solution for a DA box would be to edit the file

/etc/nginx/nginx-defaults.conf

and find the following line:

ssl_session_cache    shared:SSL:10m;

and comment it out by adding a # character in front of it.

Restart nginx after making the change:

/etc/init.d/nginx restart


If this is a common issue, we can consider making a change to the default configs in DA to prevent the bug from happening.

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST