Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 7008:29c6d66b83ba
SSL: set TCP_NODELAY on SSL connections before handshake.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.
To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake. While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 29 May 2017 16:34:29 +0300 |
| parents | 08dc60979133 |
| children | 03444167a3bb |
comparison
equal
deleted
inserted
replaced
| 7007:ed1101bbf19f | 7008:29c6d66b83ba |
|---|---|
| 350 | 350 |
| 351 | 351 |
| 352 static ngx_int_t | 352 static ngx_int_t |
| 353 ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) | 353 ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) |
| 354 { | 354 { |
| 355 ngx_int_t rc; | 355 ngx_int_t rc; |
| 356 ngx_stream_session_t *s; | 356 ngx_stream_session_t *s; |
| 357 ngx_stream_ssl_conf_t *sslcf; | 357 ngx_stream_ssl_conf_t *sslcf; |
| 358 ngx_stream_core_srv_conf_t *cscf; | |
| 358 | 359 |
| 359 s = c->data; | 360 s = c->data; |
| 361 | |
| 362 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); | |
| 363 | |
| 364 if (cscf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) { | |
| 365 return NGX_ERROR; | |
| 366 } | |
| 360 | 367 |
| 361 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { | 368 if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { |
| 362 return NGX_ERROR; | 369 return NGX_ERROR; |
| 363 } | 370 } |
| 364 | 371 |