Mercurial > hg > nginx
changeset 7319:dcab86115261
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 16 Jul 2018 17:47:48 +0300 |
parents | 3443fe40bdc7 |
children | 696df3ac27ac |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c Mon Jul 16 17:47:20 2018 +0300 +++ b/src/event/ngx_event_openssl.c Mon Jul 16 17:47:48 2018 +0300 @@ -1193,6 +1193,10 @@ } else { SSL_set_accept_state(sc->connection); + +#ifdef SSL_OP_NO_RENEGOTIATION + SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION); +#endif } if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {