ssl_requirement: transitions from https to http and vice versa are slooooow

Hi,

I'm using rails 1.2.5 along with nginx and mongrel_cluster to serve
both encrypted and unencrypted content.

I installed the ssl_requirement plugin to force https on certain pages/
actions.

ssl_requirement works, but whenever I go from an unencrypted page on
my site to an encrypted page (or vice versa) the time to render the
page is HUUUGE (around 1 minute for some simple html that should
normally take about 1 second to render).

E.g., if I am viewing this page: https://blahblah.com/stuff and I
click on a link within that page that links to http://blahblah.com/otherstuff,
my browser will churn for about 1 minute before rendering the new
page.

Some interesting points:
1. this does not happen when going from https to https, nor does it
take place when going from http to http.

2. if I click on the hyperlink a *second* time while I'm waiting for
the new page to render, it renders almost immediately (i.e. I can
"coax" the new page into loading by clicking on it twice).

Any ideas as to what's causing this lag?

My nginx config file is shown below, along with the top/relevant
portion of my controller that uses ssl_requirement.

############begin top of controller #########
class AccountController < ApplicationController
  layout "account"
  before_filter :login_from_cookie
  ssl_required :signup, :login
##########end top of controller ##############

##########begin nginx virtual host config file ##############
# Nginx virtual host configuration file
# to be included by nginx.conf
# Load balance to mongrels
upstream mongrel_cluster {
  server 0.0.0.0:8000;
  server 0.0.0.0:8001;
  server 0.0.0.0:8002;
}
# Begin virtual host configuration
server {
  # Familiar HTTP settings
  listen 80;
  server_name e.com *.e.com;
  root /home/e2/a2/public;
  access_log /var/log/nginx/e.com.access.log main;
  error_page 500 502 503 504 /500.html;
  client_max_body_size 50M;
  # First rewrite rule for handling maintenance page
  if (-f $document_root/system/maintenance.html) {
    rewrite ^(.*)$ /system/maintenance.html last;
    break;
  }
  location / {
    index index.html index.htm;
    # Forward information about the client and host
    # Otherwise our Rails app wouldn't have access to it
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_max_temp_file_size 0;
    # Directly serve static content
    location ~ ^/(images|javascripts|stylesheets)/ {
      expires 10y;
    }
    if (-f $request_filename) {
      break;
    }
    # Directly serve cached pages
    if (-f $request_filename.html) {
      rewrite (.*) $1.html break;
    }
    # Otherwise let Mongrel handle the request
    if (!-f $request_filename) {
      proxy_pass http://mongrel_cluster;
      break;
    }
  }
}

server {

  listen 443;
  ssl on;
  #path to certificate
  ssl_certificate /etc/ssl/certs/myssl.crt;
  #path to ssl key
  ssl_certificate_key /etc/ssl/myssl.key;

  server_name e.com *.e.com;
  root /home/e2/a2/public;
  access_log /var/log/nginx/e.com.access.log main;
  error_page 500 502 503 504 /500.html;
  client_max_body_size 50M;
  # First rewrite rule for handling maintenance page
  if (-f $document_root/system/maintenance.html) {
    rewrite ^(.*)$ /system/maintenance.html last;
    break;
  }

  location / {
    index index.html index.htm;
    # Forward information about the client and host
    # Otherwise our Rails app wouldn't have access to it
    # set X-FORWARDED_PROTO so ssl_requirement plugin works
    proxy_set_header X-FORWARDED_PROTO https;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_max_temp_file_size 0;
    # Directly serve static content
    location ~ ^/(images|javascripts|stylesheets)/ {
      expires 10y;
    }
    if (-f $request_filename) {
      break;
    }
    # Directly serve cached pages
    if (-f $request_filename.html) {
      rewrite (.*) $1.html break;
    }
    # Otherwise let Mongrel handle the request
    if (!-f $request_filename) {
      proxy_pass http://mongrel_cluster;
      break;
    }
  }

}
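
An added example, not part of the original post and not the plugin's own source: a simplified Ruby model of the protocol check that ssl_requirement applies to the controller above, fed with the header each nginx server block in the posted config forwards to Mongrel. The `index` action, the `/controller/action` path layout and all helper names are assumptions for illustration.

```ruby
# Simplified model (assumption) of the before_filter that ssl_requirement runs,
# applied to the AccountController and nginx config shown in the post.

# From the post: ssl_required :signup, :login
SSL_REQUIRED = { "account" => %w[signup login] }.freeze

# Mongrel only ever speaks plain HTTP to nginx, so the app can tell HTTPS
# apart solely by the forwarded-proto header (modelled here as the only signal).
def ssl_request?(headers)
  headers["HTTP_X_FORWARDED_PROTO"] == "https"
end

# Headers the app receives from each server block in the posted config.
def headers_from_nginx(listen_port)
  case listen_port
  when 443 then { "HTTP_X_FORWARDED_PROTO" => "https" } # proxy_set_header X-FORWARDED_PROTO https;
  when 80  then {}                                       # port-80 block sets no such header
  else raise ArgumentError, "no server block listens on #{listen_port}"
  end
end

# Returns [:render, nil] or [:redirect, url] for one request.
def protocol_decision(listen_port, host, controller, action)
  required = SSL_REQUIRED.fetch(controller, []).include?(action)
  ssl      = ssl_request?(headers_from_nginx(listen_port))
  path     = "/#{controller}/#{action}"

  if required && !ssl
    [:redirect, "https://#{host}#{path}"]  # action demands SSL, request was plain
  elsif ssl && !required
    [:redirect, "http://#{host}#{path}"]   # action is not SSL-only, request was SSL
  else
    [:render, nil]                         # protocol already matches
  end
end

# Constructed sample requests; "index" is a hypothetical non-SSL action.
if __FILE__ == $PROGRAM_NAME
  [[80, "login"], [443, "login"], [443, "index"], [80, "index"]].each do |port, action|
    p [port, action, protocol_decision(port, "e.com", "account", action)]
  end
end
```

Because the port-80 block sets no forwarded-proto header of its own, the decision there depends on whatever header value reaches Mongrel; setting it explicitly in both server blocks keeps the check tied to the listener that actually accepted the connection.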