Mercurial > hg > nginx-quic
annotate src/stream/ngx_stream_ssl_module.h @ 7008:29c6d66b83ba
SSL: set TCP_NODELAY on SSL connections before handshake.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.
To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake. While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 29 May 2017 16:34:29 +0300 |
parents | 41cb1b64561d |
children | 7f955d3b9a0d |
rev | line source |
---|---|
6115 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 * Copyright (C) Nginx, Inc. | |
5 */ | |
6 | |
7 | |
8 #ifndef _NGX_STREAM_SSL_H_INCLUDED_ | |
9 #define _NGX_STREAM_SSL_H_INCLUDED_ | |
10 | |
11 | |
12 #include <ngx_config.h> | |
13 #include <ngx_core.h> | |
14 #include <ngx_stream.h> | |
15 | |
16 | |
17 typedef struct { | |
18 ngx_msec_t handshake_timeout; | |
19 | |
20 ngx_flag_t prefer_server_ciphers; | |
21 | |
22 ngx_ssl_t ssl; | |
23 | |
24 ngx_uint_t protocols; | |
25 | |
6850
41cb1b64561d
Stream: client SSL certificates verification support.
Vladimir Homutov <vl@nginx.com>
parents:
6550
diff
changeset
|
26 ngx_uint_t verify; |
41cb1b64561d
Stream: client SSL certificates verification support.
Vladimir Homutov <vl@nginx.com>
parents:
6550
diff
changeset
|
27 ngx_uint_t verify_depth; |
41cb1b64561d
Stream: client SSL certificates verification support.
Vladimir Homutov <vl@nginx.com>
parents:
6550
diff
changeset
|
28 |
6115 | 29 ssize_t builtin_session_cache; |
30 | |
31 time_t session_timeout; | |
32 | |
6550
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6115
diff
changeset
|
33 ngx_array_t *certificates; |
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6115
diff
changeset
|
34 ngx_array_t *certificate_keys; |
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6115
diff
changeset
|
35 |
6115 | 36 ngx_str_t dhparam; |
37 ngx_str_t ecdh_curve; | |
6850
41cb1b64561d
Stream: client SSL certificates verification support.
Vladimir Homutov <vl@nginx.com>
parents:
6550
diff
changeset
|
38 ngx_str_t client_certificate; |
41cb1b64561d
Stream: client SSL certificates verification support.
Vladimir Homutov <vl@nginx.com>
parents:
6550
diff
changeset
|
39 ngx_str_t trusted_certificate; |
41cb1b64561d
Stream: client SSL certificates verification support.
Vladimir Homutov <vl@nginx.com>
parents:
6550
diff
changeset
|
40 ngx_str_t crl; |
6115 | 41 |
42 ngx_str_t ciphers; | |
43 | |
44 ngx_array_t *passwords; | |
45 | |
46 ngx_shm_zone_t *shm_zone; | |
47 | |
48 ngx_flag_t session_tickets; | |
49 ngx_array_t *session_ticket_keys; | |
50 } ngx_stream_ssl_conf_t; | |
51 | |
52 | |
53 extern ngx_module_t ngx_stream_ssl_module; | |
54 | |
55 | |
56 #endif /* _NGX_STREAM_SSL_H_INCLUDED_ */ |