Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7319:dcab86115261
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 16 Jul 2018 17:47:48 +0300 |
| parents | 3443fe40bdc7 |
| children | 696df3ac27ac |
comparison
equal
deleted
inserted
replaced
| 7318:3443fe40bdc7 | 7319:dcab86115261 |
|---|---|
| 1191 if (flags & NGX_SSL_CLIENT) { | 1191 if (flags & NGX_SSL_CLIENT) { |
| 1192 SSL_set_connect_state(sc->connection); | 1192 SSL_set_connect_state(sc->connection); |
| 1193 | 1193 |
| 1194 } else { | 1194 } else { |
| 1195 SSL_set_accept_state(sc->connection); | 1195 SSL_set_accept_state(sc->connection); |
| 1196 | |
| 1197 #ifdef SSL_OP_NO_RENEGOTIATION | |
| 1198 SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION); | |
| 1199 #endif | |
| 1196 } | 1200 } |
| 1197 | 1201 |
| 1198 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) { | 1202 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) { |
| 1199 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed"); | 1203 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed"); |
| 1200 return NGX_ERROR; | 1204 return NGX_ERROR; |