Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7319:dcab86115261
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 16 Jul 2018 17:47:48 +0300 |
parents | 3443fe40bdc7 |
children | 696df3ac27ac |
comparison
equal
deleted
inserted
replaced
7318:3443fe40bdc7 | 7319:dcab86115261 |
---|---|
1191 if (flags & NGX_SSL_CLIENT) { | 1191 if (flags & NGX_SSL_CLIENT) { |
1192 SSL_set_connect_state(sc->connection); | 1192 SSL_set_connect_state(sc->connection); |
1193 | 1193 |
1194 } else { | 1194 } else { |
1195 SSL_set_accept_state(sc->connection); | 1195 SSL_set_accept_state(sc->connection); |
1196 | |
1197 #ifdef SSL_OP_NO_RENEGOTIATION | |
1198 SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION); | |
1199 #endif | |
1196 } | 1200 } |
1197 | 1201 |
1198 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) { | 1202 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) { |
1199 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed"); | 1203 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed"); |
1200 return NGX_ERROR; | 1204 return NGX_ERROR; |