id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1194 SSL_write fails with 'bad write retry' error 13@… "there is noticeable periodic rate of 'SSL_write() failed (SSL: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry) while sending response to client' errors and according attached debug log the issue is happening when client closes connection right after ssl negotiation and sending http requests. It causes SSL_write error for sending 'send 100 Continue' followed by SSL_write with ssl3_write_pending error during sending 500 static page. Please check attached log for more details, but here is some details: 1. SSL negotiation has been completed and nginx reads requests and client closes connection for some reason: {{{ 2017/01/14 02:46:58 [debug] 14576#0: *358792 accept: X.X.X.X:51644 fd:117 ... 2017/01/14 02:46:58 [debug] 14576#0: *358792 SSL_do_handshake: 1 ... 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_read: 455 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_read: 0 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_get_error: 6 2017/01/14 02:46:59 [debug] 14576#0: *358792 peer shutdown SSL cleanly 2017/01/14 02:46:59 [debug] 14576#0: *358792 reusable connection: 0 }}} 2. nginx starts to handle request and after processing tries to send 100 continue to the client, but it fails {{{ 2017/01/14 02:46:59 [debug] 14576#0: *358792 post access phase: 11 2017/01/14 02:46:59 [debug] 14576#0: *358792 send 100 Continue 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL to write: 25 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_write: -1 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_get_error: 5 2017/01/14 02:46:59 [info] 14576#0: *358792 SSL_write() failed (SSL:) (32: Broken pipe), client: X.X.X.X, server: A.B.C, request: ""POST /X/Y/Z?k1=v1&k2=v2 HTTP/1.1"", host: ""A.B.C"" }}} 3. nginx tries to send static page with 500 status code as a result of broken pipe, but it fails with 'bad write retry' error. {{{ 2017/01/14 02:46:59 [debug] 14576#0: *358792 http finalize request: 500, ""/X/Y/Z?k1=v1&k2=v2"" a:1, c:1 2017/01/14 02:46:59 [debug] 14576#0: *358792 http special response: 500, ""/X/Y/Z?k1=v1&k2=v2"" ... 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL buf copy: 300 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL buf copy: 14343 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL to write: 14643 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_write: -1 2017/01/14 02:46:59 [debug] 14576#0: *358792 SSL_get_error: 1 2017/01/14 02:46:59 [crit] 14576#0: *358792 SSL_write() failed (SSL: error:1409F07F:SSL routines:ssl3_write_pending:bad write retry) while sending response to client, client: X.X.X.X, server: A.B.C, request: ""POST /X/Y/Z?k1=v1&k2=v2 HTTP/1.1"", host: ""A.B.C"" }}} " defect closed minor other 1.9.x fixed Linux 3.16.XXXX x86_64 "nginx version: nginx/1.9.15 (1.9.15.dbx24, xxx, 2016-10-12 18:52:28 UTC (release)) built with OpenSSL 1.0.2j 26 Sep 2016 TLS SNI support enabled configure arguments: --prefix=/usr/local --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/client_temp --http-proxy-temp-path=/var/lib/nginx/proxy_temp --http-fastcgi-temp-path=/var/lib/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/lib/nginx/uwsgi_temp --http-scgi-temp-path=/var/lib/nginx/scgi_temp --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-ipv6 --with-md5-asm --with-sha1-asm --with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --build='1.9.15.dbx24, xxx, 2016-10-12 18:52:28 UTC (release)' --builddir=objs-release --with-openssl=opaque-build/openssl-1.0.2j --with-zlib=opaque-build/zlib-1.2.8 --with-pcre=opaque-build/pcre-8.38 --with-pcre-opt=-DSUPPORT_UCP --with-pcre-jit --with-openssl-opt='no-seed no-bf no-cast no-md2 no-md4 no-ripemd no-krb5 no-jpake no-capieng no-idea no-rc5 no-mdc2 no-ssl2 threads enable-tlsext no-shared enable-ec_nistp_64_gcc_128' --add-module=opaque-build/ngx_devel_kit-0.2.19 --add-module=opaque-build/lua-nginx-module-0.10.2 --add-module=opaque-build/headers-more-nginx-0.29 --add-module=opaque-build/ngx_http_ip_tos_filter_module --add-module=modules/dbx_dials_module --add-module=modules/nginx_upstream_check_module --add-module=modules/ngx_http_streaming_filter_module --add-module=modules/ngx_http_upstream_dynamic_module"