comparison src/http/ngx_http_request.c @ 7008:29c6d66b83ba
SSL: set TCP_NODELAY on SSL connections before handshake.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.
To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake. While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 29 May 2017 16:34:29 +0300 |
parents | ed1101bbf19f |
children | 5e05118678af |
7007:ed1101bbf19f | 7008:29c6d66b83ba |
---|---|
621 #if (NGX_HTTP_SSL) | 621 #if (NGX_HTTP_SSL) |
622 | 622 |
623 static void | 623 static void |
624 ngx_http_ssl_handshake(ngx_event_t *rev) | 624 ngx_http_ssl_handshake(ngx_event_t *rev) |
625 { | 625 { |
626 u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1]; | 626 u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1]; |
627 size_t size; | 627 size_t size; |
628 ssize_t n; | 628 ssize_t n; |
629 ngx_err_t err; | 629 ngx_err_t err; |
630 ngx_int_t rc; | 630 ngx_int_t rc; |
631 ngx_connection_t *c; | 631 ngx_connection_t *c; |
632 ngx_http_connection_t *hc; | 632 ngx_http_connection_t *hc; |
633 ngx_http_ssl_srv_conf_t *sscf; | 633 ngx_http_ssl_srv_conf_t *sscf; |
634 ngx_http_core_loc_conf_t *clcf; | |
634 | 635 |
635 c = rev->data; | 636 c = rev->data; |
636 hc = c->data; | 637 hc = c->data; |
637 | 638 |
638 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 639 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
709 | 710 |
710 if (n == 1) { | 711 if (n == 1) { |
711 if (buf[0] & 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { | 712 if (buf[0] & 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { |
712 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, | 713 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, |
713 "https ssl handshake: 0x%02Xd", buf[0]); | 714 "https ssl handshake: 0x%02Xd", buf[0]); |
715 | |
716 clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, | |
717 ngx_http_core_module); | |
718 | |
719 if (clcf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) { | |
720 ngx_http_close_connection(c); | |
721 return; | |
722 } | |
714 | 723 |
715 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, | 724 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, |
716 ngx_http_ssl_module); | 725 ngx_http_ssl_module); |
717 | 726 |
718 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) | 727 if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER) |
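Review bot: The added `clcf->tcp_nodelay` check (new lines 716-722) has no comment, so the reason for enabling TCP_NODELAY this early is recorded only in the commit message. A short comment above the block would keep it with the code, e.g. `/* set TCP_NODELAY before the handshake: OpenSSL 1.1.0+ no longer exposes handshake buffers, so a handshake larger than 4k would otherwise cost an extra RTT */`. The same comment could note that `clcf` is read from `hc->conf_ctx` before any server name has been processed. That context is presumably the listen socket's default server configuration, in which case a `tcp_nodelay off` set only in another virtual server would not apply to the handshake; this is inferred and not shown on the page, so confirm it before documenting. On failure the connection is closed without a message at this call site, so it is also worth confirming that `ngx_tcp_nodelay()` logs the error itself. The body of ngx_http_ssl_handshake continues outside the displayed lines (between 639 and 710, and after 727).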