ssl_handshake_timeout
The ssl_handshake_timeout directive sets the maximum time allowed for an SSL handshake to complete.
Description
The ssl_handshake_timeout directive is used within the NGINX Stream Core module to specify the maximum duration (in seconds) that the server will wait for an SSL handshake to complete when establishing secure connections. Properly configuring this timeout is crucial to ensure that clients do not hang indefinitely while attempting to establish a secure connection. If the specified time limit is exceeded, the connection will be aborted, and an error will be logged by the server.
The argument to this directive is a time value specified in seconds. If the handshake does not complete before the specified timeout, the server will terminate the connection. This directive is especially important for latency-sensitive applications that require secure connections, as maintaining low latency during the handshake process is critical for performance and user experience. By setting the timeout value appropriately based on the expected network conditions and client behavior, server administrators can optimize the handling of SSL connections effectively.
This directive can be declared in both stream and stream server contexts, allowing for flexibility in configuring SSL timeout behavior on a per-server basis. It's important to note that this directive is only applicable when SSL is enabled in the stream module, and extensive testing should be conducted to find the optimal timeout for specific use cases.
Config Example
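stream {
    server {
        # The "ssl" parameter enables SSL on this listener; the timeout only applies then
        listen 443 ssl;
        # Placeholder paths: substitute your own certificate and key
        ssl_certificate     /path/to/cert.pem;
        ssl_certificate_key /path/to/cert.key;
        ssl_handshake_timeout 10s;
        ssl_preread on;
        # Placeholder backend address
        proxy_pass 127.0.0.1:8443;
    }
}
Make sure that SSL is enabled in your NGINX stream configuration before using this directive, as it only applies in that context.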
Setting the timeout too low might result in legitimate clients being disconnected during slow handshakes, especially in high-latency networks.
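One way to test that a listener actually enforces the value you configured, as an added example that is not part of the original page or of NGINX: the script opens a connection, sends no ClientHello, and times how long the peer takes to close it. The function names are hypothetical, and start_stub_listener is a constructed local stand-in for a listener with a handshake timeout, so the check runs offline.

```python
import socket
import threading
import time

def measure_idle_close(host, port, max_wait):
    """Connect, send no ClientHello, and return the seconds until the peer
    closes the connection, or None if it is still open after max_wait."""
    with socket.create_connection((host, port), timeout=max_wait) as s:
        start = time.monotonic()
        s.settimeout(max_wait)
        try:
            data = s.recv(1)
        except socket.timeout:
            return None                  # listener outlasted max_wait
        except ConnectionResetError:
            data = b""                   # a reset also counts as a close
        if data:
            raise ValueError("peer sent data first; not a TLS listener")
        return time.monotonic() - start

def enforces_timeout(host, port, expected, slack=1.0):
    """True if an idle connection is closed within expected +/- slack seconds."""
    elapsed = measure_idle_close(host, port, expected + slack)
    return elapsed is not None and elapsed >= expected - slack

def start_stub_listener(handshake_timeout):
    """Constructed stand-in (not NGINX): accepts one connection and closes it
    if no bytes arrive within handshake_timeout. Returns the bound port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.settimeout(handshake_timeout)
        try:
            conn.recv(1)                 # wait for a first byte that never comes
        except OSError:                  # timeout or reset: fall through to close
            pass
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_stub_listener(0.5)      # constructed local target
    print("closed after %.2fs" % measure_idle_close("127.0.0.1", port, 3.0))
```

Against a real server, call enforces_timeout with the listener's address and the configured value; a False result means the connection was closed much earlier than expected or was still open after the limit.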