Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 5003:82234f3f5ca2
SSL: speedup loading of configs with many ssl servers.
The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.
For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 09 Jan 2013 14:11:48 +0000 |
parents | f2e450929c1f |
children | 0ea36741bb35 |
comparison
equal
deleted
inserted
replaced
5002:39c597272c8d | 5003:82234f3f5ca2 |
---|---|
641 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 641 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
642 "Unable to create curve \"%s\"", name->data); | 642 "Unable to create curve \"%s\"", name->data); |
643 return NGX_ERROR; | 643 return NGX_ERROR; |
644 } | 644 } |
645 | 645 |
646 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); | |
647 | |
646 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh); | 648 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh); |
647 | |
648 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); | |
649 | 649 |
650 EC_KEY_free(ecdh); | 650 EC_KEY_free(ecdh); |
651 #endif | 651 #endif |
652 #endif | 652 #endif |
653 | 653 |