[nginx] svn commit: r5107 - trunk/src/http/modules

vbart at nginx.com vbart at nginx.com
Thu Mar 7 18:21:29 UTC 2013 

Author: vbart
Date: 2013-03-07 18:21:28 +0000 (Thu, 07 Mar 2013)
New Revision: 5107
URL: http://trac.nginx.org/nginx/changeset/5107/nginx

Log:
SSL: Next Protocol Negotiation extension support.

Not only this is useful for the upcoming SPDY support, but it can
also help to improve HTTPS performance by enabling TLS False Start
in Chrome/Chromium browsers [1].  So, we always enable NPN for HTTPS
if it is supported by OpenSSL.

[1] http://www.imperialviolet.org/2012/04/11/falsestart.html


Modified:
   trunk/src/http/modules/ngx_http_ssl_module.c

Modified: trunk/src/http/modules/ngx_http_ssl_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_ssl_module.c	2013-03-07 18:14:27 UTC (rev 5106)
+++ trunk/src/http/modules/ngx_http_ssl_module.c	2013-03-07 18:21:28 UTC (rev 5107)
@@ -18,6 +18,11 @@
 #define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
 
 
+#ifdef TLSEXT_TYPE_next_proto_neg
+static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
+    const unsigned char **out, unsigned int *outlen, void *arg);
+#endif
+
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
@@ -262,6 +267,30 @@
 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
 
 
+#ifdef TLSEXT_TYPE_next_proto_neg
+
+#define NGX_HTTP_NPN_ADVERTISE  "\x08http/1.1"
+
+static int
+ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
+    const unsigned char **out, unsigned int *outlen, void *arg)
+{
+#if (NGX_DEBUG)
+    ngx_connection_t  *c;
+
+    c = ngx_ssl_get_connection(ssl_conn);
+    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL NPN advertised");
+#endif
+
+    *out = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
+    *outlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+#endif
+
+
 static ngx_int_t
 ngx_http_ssl_static_variable(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
@@ -490,6 +519,11 @@
 
 #endif
 
+#ifdef TLSEXT_TYPE_next_proto_neg
+    SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
+                                          ngx_http_ssl_npn_advertised, NULL);
+#endif
+
     cln = ngx_pool_cleanup_add(cf->pool, 0);
     if (cln == NULL) {
         return NGX_CONF_ERROR;

More information about the nginx-devel mailing list