About a week ago, we at TravelBird had this bizarre problem with nginx workers segfaulting on TLS connections from Safari and curl, but not Firefox or Chrome. Nginx logs would state the worker process exited on signal 11 and dmesg would show the feared nginx[12345]: segfault at 8 ip 000000000042a08d sp 00007fffe5eebca0 error 4 in nginx[400000+b9000]

What made it even more weird, was that it appeared to be happening only with some certificates, but not all of them, which made us wonder if it was something unusual with the certificates themselves for a while.

Although I still cannot explain why it was consistently happening only with some browsers and some certificates, we did eventually track down the root cause of the issue. Turns out that we had some server blocks including TLS configuration which was also setting the following options:

ssl_session_cache       shared:SSL:10m;
ssl_session_timeout     10m;

With these being set all over the place (which is definitely bad irregardless of this issue, but I digress), nginx clearly wasn’t happy.

The fix was easy, obviously, but I’m putting this out here as it took me over a full day to find while Google wasn’t very helpful in giving us any leads. Perhaps someone else will run into this as well one day and find this article, hopefully saving themselves a lot of head-scratching and hair-pulling :)