Mercurial > hg > nginx
changeset 5003:82234f3f5ca2
SSL: speedup loading of configs with many ssl servers.
The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.
For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 09 Jan 2013 14:11:48 +0000 |
parents | 39c597272c8d |
children | 764833756dcd |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -643,10 +643,10 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_s return NGX_ERROR; } + SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); + SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh); - SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); - EC_KEY_free(ecdh); #endif #endif