Mercurial > hg > nginx
diff src/stream/ngx_stream_ssl_module.c @ 7008:29c6d66b83ba
SSL: set TCP_NODELAY on SSL connections before handshake.
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.
To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake. While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 29 May 2017 16:34:29 +0300 |
parents | 08dc60979133 |
children | 03444167a3bb |
line wrap: on
line diff
--- a/src/stream/ngx_stream_ssl_module.c Fri May 26 22:52:48 2017 +0300 +++ b/src/stream/ngx_stream_ssl_module.c Mon May 29 16:34:29 2017 +0300 @@ -352,12 +352,19 @@ static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) { - ngx_int_t rc; - ngx_stream_session_t *s; - ngx_stream_ssl_conf_t *sslcf; + ngx_int_t rc; + ngx_stream_session_t *s; + ngx_stream_ssl_conf_t *sslcf; + ngx_stream_core_srv_conf_t *cscf; s = c->data; + cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); + + if (cscf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) { + return NGX_ERROR; + } + if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { return NGX_ERROR; }