Mercurial > hg > nginx-quic
comparison src/stream/ngx_stream_ssl_module.c @ 7008:29c6d66b83ba
SSL: set TCP_NODELAY on SSL connections before handshake.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.
To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake. While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 29 May 2017 16:34:29 +0300 |
parents | 08dc60979133 |
children | 03444167a3bb |
comparison
equal
deleted
inserted
replaced
7007:ed1101bbf19f | 7008:29c6d66b83ba |
---|---|
350 | 350 |
351 | 351 |
352 static ngx_int_t | 352 static ngx_int_t |
353 ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) | 353 ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) |
354 { | 354 { |
355 ngx_int_t rc; | 355 ngx_int_t rc; |
356 ngx_stream_session_t *s; | 356 ngx_stream_session_t *s; |
357 ngx_stream_ssl_conf_t *sslcf; | 357 ngx_stream_ssl_conf_t *sslcf; |
358 ngx_stream_core_srv_conf_t *cscf; | |
358 | 359 |
359 s = c->data; | 360 s = c->data; |
361 | |
362 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); | |
363 | |
364 if (cscf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) { | |
365 return NGX_ERROR; | |
366 } | |
360 | 367 |
361 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { | 368 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { |
362 return NGX_ERROR; | 369 return NGX_ERROR; |
363 } | 370 } |
364 | 371 |