# Nginx SSL session cache error

**URL:** https://discourse.roots.io/t/nginx-ssl-session-cache-error/22140
**Category:** trellis
**Created:** 2022-01-20T15:30:42Z
**Posts:** 5

## Post 1 by @strarsis — 2022-01-20T15:30:42Z

Encountered this again in a site `error.log`:

```
could not allocate new session in SSL session shared cache "SSL" while SSL handshaking
```

This still seems to happen sporadically (latest Trellis).

Previous discussion:

> [Could not allocate new session in SSL session shared cache "SSL" while SSL handshaking](https://discourse.roots.io/t/could-not-allocate-new-session-in-ssl-session-shared-cache-ssl-while-ssl-handshaking/21233):
>
> New log entries from nginx: could not allocate new session in SSL session shared cache "SSL" while SSL handshaking Apparently this happens when a specific nginx cache becomes too full. Any ways to prevent this? Increase some nginx option?

---

## Post 2 by @swalkinshaw — 2022-01-20T19:35:15Z

> **[Could not allocate new session in SSL session shared cache “le_nginx_SSL”...](https://community.letsencrypt.org/t/could-not-allocate-new-session-in-ssl-session-shared-cache-le-nginx-ssl-while-ssl-handshaking/140244/2)**
>
> Does your site get a lot of traffic? As https://trac.nginx.org/nginx/ticket/621 explains, this message is harmless. It won't cause errors for visitors. Instead, affected returning visitors would take a small efficiency penalty from not having SSL...

Does this help?

This would need to be tweaked: [trellis/ssl.conf at 17430191bb7211545eb63ba3ba989ee95c262c5f · roots/trellis · GitHub](https://github.com/roots/trellis/blob/17430191bb7211545eb63ba3ba989ee95c262c5f/roles/nginx/templates/h5bp/directive-only/ssl.conf#L9)

I’d be open to a better default (if there is one), just not sure what it should be.

---

## Post 3 by @strarsis — 2022-01-20T22:34:16Z

Thanks!

(Linked discussion)

> As [https://trac.nginx.org/nginx/ticket/621](https://trac.nginx.org/nginx/ticket/621) explains, this message is harmless. It won’t cause errors for visitors. Instead, affected returning visitors would take a small efficiency penalty from not having SSL session resumption.

> Tuning these is tricky; there don’t seem to be any concrete answers for “what values should I use when I get x SSL clients per day?”. There seem to be some performance and security implications either way. To further complicate things, TLS 1.2 and TLS 1.3 differ with this specific configuration (session ID resumption only for the former, stateful tickets for the latter).

1. So this error isn’t anything worrisome and doesn’t really impact the user experience.
2. It is hard to determine a good default value in advance.

IMHO a note in the Trellis documentation about this particular nginx error (that it isn’t something worrisome) and how to prevent it seems to be the best solution then.
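Added example (not part of the original posts and not Trellis code): one way to check how often the message in this thread actually occurs per cache zone and hour, plus a rough size estimate. It assumes nginx's documented figure of about 4000 sessions per megabyte; the sample log lines, traffic figures and the 1.5 headroom factor are constructed.

```python
import math
import re
from collections import Counter

# Matches the nginx error.log line quoted in the thread; the zone name is captured.
ALLOC_FAIL = re.compile(
    r'^(?P<day>\d{4}/\d{2}/\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \[\w+\] .*'
    r'could not allocate new session in SSL session shared cache "(?P<zone>[^"]+)"'
)

# nginx documentation: one megabyte of shared cache holds about 4000 sessions.
SESSIONS_PER_MB = 4000


def count_alloc_failures(lines):
    """Count allocation failures per (zone, 'YYYY/MM/DD HH') bucket."""
    buckets = Counter()
    for line in lines:
        m = ALLOC_FAIL.match(line)
        if m:
            buckets[(m["zone"], f'{m["day"]} {m["hour"]}')] += 1
    return buckets


def estimate_cache_mb(new_sessions_per_sec, session_timeout_sec, headroom=1.5):
    """Rough shared-cache size in MB so sessions survive a full timeout window.

    Assumption (not from the thread): every full handshake stores one session
    that stays cached until ssl_session_timeout expires; headroom is a guess.
    """
    live_sessions = new_sessions_per_sec * session_timeout_sec * headroom
    return max(1, math.ceil(live_sessions / SESSIONS_PER_MB))


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
2022/01/20 15:30:42 [alert] 911#911: *8812 could not allocate new session in SSL session shared cache "SSL" while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2022/01/20 15:41:03 [alert] 911#911: *9020 could not allocate new session in SSL session shared cache "SSL" while SSL handshaking, client: 198.51.100.23, server: 0.0.0.0:443
2022/01/20 16:02:11 [error] 911#911: *9100 open() "/srv/www/favicon.ico" failed (2: No such file or directory), client: 203.0.113.7
2022/01/20 16:05:59 [alert] 912#912: *9344 could not allocate new session in SSL session shared cache "SSL" while SSL handshaking, client: 192.0.2.55, server: 0.0.0.0:443
""".splitlines()

if __name__ == "__main__":
    for (zone, hour), n in sorted(count_alloc_failures(SAMPLE_LOG).items()):
        print(f'{hour}:00  zone "{zone}"  {n} allocation failure(s)')
    # Constructed traffic figures: 2 full handshakes/s, 1 hour session timeout.
    print("suggested size:", estimate_cache_mb(2, 3600), "MB")
```

The estimate corresponds to the size part of nginx's `ssl_session_cache shared:<name>:<size>` directive; measure the real full-handshake rate before changing it.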

---

## Post 4 by @swalkinshaw — 2022-01-20T22:46:40Z

> [@strarsis](#):
>
> IMHO a note in the Trellis documentation about this particular nginx error (that it isn’t something worrisome) and how to prevent it seems to be the best solution then.

:+1: you are free to add that :smile:

---

## Post 5 by @system — 2022-03-03T15:31:10Z

This topic was automatically closed after 42 days. New replies are no longer allowed.
