id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1646 Nginx 1.15.4 segfault during normal ssllabs.com test marcin.wanat@… Maxim Dounin "I have compiled latest nginx 1.15.4 and noticed that it segfault every time when trying to do ssllabs test (https://www.ssllabs.com/ssltest/) on any vhost. It always segfault during ""Testing renegotiation"" stage. I have generated core dump and backtrace is always the same: backtrace #0 ngx_http_ssl_servername (ssl_conn=0x1eccef0, ad=0x7ffd4e5949d0, arg=0x0) at src/http/ngx_http_request.c:878 #1 0x000000000057bc9f in ssl_parse_clienthello_tlsext () #2 0x000000000057227e in tls_process_client_hello () #3 0x00000000005678bd in state_machine () #4 0x000000000054fd42 in ssl3_read_bytes () #5 0x00000000005556a5 in ssl3_read () #6 0x000000000055edc9 in SSL_read () #7 0x0000000000495f76 in ngx_ssl_recv (c=0x1c18a40, buf=0x1efb21a """", size=886) at src/event/ngx_event_openssl.c:1746 #8 0x00000000004b00ed in ngx_http_read_request_header (r=0x1da0e60) at src/http/ngx_http_request.c:1418 #9 0x00000000004afc46 in ngx_http_process_request_headers (rev=0x1c8f730) at src/http/ngx_http_request.c:1285 #10 0x0000000000491415 in ngx_epoll_process_events (cycle=0x162e050, timer=42349, flags=1) at src/event/modules/ngx_epoll_module.c:902 #11 0x0000000000481540 in ngx_process_events_and_timers (cycle=0x162e050) at src/event/ngx_event.c:242 #12 0x000000000048ebe8 in ngx_worker_process_cycle (cycle=0x162e050, data=0x0) at src/os/unix/ngx_process_cycle.c:750 #13 0x000000000048bac8 in ngx_spawn_process (cycle=0x162e050, proc=0x48eb3a , data=0x0, name=0x6e7ee8 ""worker process"", respawn=-3) at src/os/unix/ngx_process.c:199 #14 0x000000000048ddfd in ngx_start_worker_processes (cycle=0x162e050, n=4, type=-3) at src/os/unix/ngx_process_cycle.c:359 #15 0x000000000048d54d in ngx_master_process_cycle (cycle=0x162e050) at src/os/unix/ngx_process_cycle.c:131 #16 0x000000000044e751 in main (argc=1, argv=0x7ffd4e5953d8) at src/core/nginx.c:382 Tested on different servers and OSes (Fedora 28, Centos 7.5) with different configs, every time it results in segfault. The same problem exists when compiled with openssl-1.1.1 or with openssl-1.1.0i. My test config is: worker_processes 4; events { worker_connections 2048; } http { ssl_dhparam /usr/local/nginx/conf/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; server { listen xx.xx.xx.xx:443; server_name www.xxx.com ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem; location / { root /srv/www; } }" defect closed major other 1.15.x fixed Linux local 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.15.4 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.1.1 11 Sep 2018 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-threads --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-openssl=../openssl-1.1.1"