[RFC] event/openssl: Add dynamic record size support for serving ssl trafic

SplitIce mat999 at gmail.com
Tue Jun 2 01:04:43 UTC 2015


>From memory SSL_CIPHER_is_AES is a BoringSSL addition isnt it? I did a
quick look over the OpenSSL source and it does not seem like its been added

I havent had a chance to compile this yet to confirm it, but if correct
then this is not compatible with OpenSSL and possibly other SSL libraries.


On Thu, May 28, 2015 at 2:43 AM, W-Mark Kubacki <wmark+nginx at hurrikane.de>

> 2015-05-05 15:39 GMT+02:00 chen <gzchenym at 126.com>:
> >
> > This is v1 of the patchset the implementing the feature SSL Dynamic
> Record
> > Sizing, inspiring by Google Front End […]
> >
> > Any comments is welcome.
> Nice! I've implemented that for Golang in the past and have ported it
> to C for you today.
> Although a single initial packet might seem more attractive in
> benchmarks, I found that sending two results in better catching parts
> of HEAD — which is what we want. Then you will notice some dancing
> around IW4, by which we've already sent about 5683 octets. Enough for
> me for a making a tradeoff here.
> 16k as ssl->buffer_size results in partially filled packets. A better
> default value could minimize the overhead (<0.5%) for that trailing
> PDUs.
> SSL libraries really should provide a function for computing overhead.
> --
> Mark
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150602/213be134/attachment.html>

More information about the nginx-devel mailing list