Config to send close notify from nginx

Hi,

One of our clients recently updated their infrastructure as part of their ongoing security maintenance exercise, which includes an OpenSSL library update (from V1 to V3).

Unfortunately, OpenSSL 3 has a much stricter behaviour about unexpected EOF - which is triggered when a mandatory close_notify alert is not sent out by their peer (i.e. in this case, our APIs) before closing a TLS connection.

On our side, an NGINX ECS service sits in front of our APIs. So the flow is:

Client Service -> NGINX ECS Service -> Application ECS Service

From the nginx official documentation, keepalive_timeout serves the purpose.

I have configured its value as 0s. My understanding is that now no connections will be reused and there will be one connection (opened and closed) per HTTP request, which will in turn cause latency and performance issues. Setting this directive to zero is against the persistent connection model mentioned here, which emphasises resource reuse: "Connection management in HTTP/1.x - HTTP | MDN".

Please let me know if my understanding is correct, and also if there is any other nginx directive I can use for better connection handling.