[RFC] event/openssl: Add dynamic record size support for serving ssl trafic

SplitIce mat999 at gmail.com
Tue Jun 2 01:07:07 UTC 2015


Shortly after sending my response I found the commit for BoringSSL adding
the function.

https://boringssl.googlesource.com/boringssl/+/4d4bff89bb8ec345d289412f0f7f135c6e51b1a6%5E!/

On Thu, May 28, 2015 at 2:43 AM, W-Mark Kubacki <wmark+nginx at hurrikane.de>
wrote:

> 2015-05-05 15:39 GMT+02:00 chen <gzchenym at 126.com>:
> >
> > This is v1 of the patchset the implementing the feature SSL Dynamic
> Record
> > Sizing, inspiring by Google Front End […]
> >
> > Any comments is welcome.
>
> Nice! I've implemented that for Golang in the past and have ported it
> to C for you today.
>
> Although a single initial packet might seem more attractive in
> benchmarks, I found that sending two results in better catching parts
> of HEAD — which is what we want. Then you will notice some dancing
> around IW4, by which we've already sent about 5683 octets. Enough for
> me for a making a tradeoff here.
>
> 16k as ssl->buffer_size results in partially filled packets. A better
> default value could minimize the overhead (<0.5%) for that trailing
> PDUs.
>
> SSL libraries really should provide a function for computing overhead.
>
> --
> Mark
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150602/c3293f99/attachment.html>


More information about the nginx-devel mailing list