Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7008:29c6d66b83ba
SSL: set TCP_NODELAY on SSL connections before handshake.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.
To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake. While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 29 May 2017 16:34:29 +0300 |
| parents | ed1101bbf19f |
| children | 5e05118678af |
comparison
equal
deleted
inserted
replaced
| 7007:ed1101bbf19f | 7008:29c6d66b83ba |
|---|---|
| 621 #if (NGX_HTTP_SSL) | 621 #if (NGX_HTTP_SSL) |
| 622 | 622 |
| 623 static void | 623 static void |
| 624 ngx_http_ssl_handshake(ngx_event_t *rev) | 624 ngx_http_ssl_handshake(ngx_event_t *rev) |
| 625 { | 625 { |
| 626 u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1]; | 626 u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1]; |
| 627 size_t size; | 627 size_t size; |
| 628 ssize_t n; | 628 ssize_t n; |
| 629 ngx_err_t err; | 629 ngx_err_t err; |
| 630 ngx_int_t rc; | 630 ngx_int_t rc; |
| 631 ngx_connection_t *c; | 631 ngx_connection_t *c; |
| 632 ngx_http_connection_t *hc; | 632 ngx_http_connection_t *hc; |
| 633 ngx_http_ssl_srv_conf_t *sscf; | 633 ngx_http_ssl_srv_conf_t *sscf; |
| 634 ngx_http_core_loc_conf_t *clcf; | |
| 634 | 635 |
| 635 c = rev->data; | 636 c = rev->data; |
| 636 hc = c->data; | 637 hc = c->data; |
| 637 | 638 |
| 638 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 639 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
| 709 | 710 |
| 710 if (n == 1) { | 711 if (n == 1) { |
| 711 if (buf[0] & 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { | 712 if (buf[0] & 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { |
| 712 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 713 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
| 713 "https ssl handshake: 0x%02Xd", buf[0]); | 714 "https ssl handshake: 0x%02Xd", buf[0]); |
| 715 | |
| 716 clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, | |
| 717 ngx_http_core_module); | |
| 718 | |
| 719 if (clcf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) { | |
| 720 ngx_http_close_connection(c); | |
| 721 return; | |
| 722 } | |
| 714 | 723 |
| 715 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, | 724 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, |
| 716 ngx_http_ssl_module); | 725 ngx_http_ssl_module); |
| 717 | 726 |
| 718 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) | 727 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) |