[nginx] SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
Maxim Dounin
mdounin at mdounin.ru
Mon Jul 16 17:02:07 UTC 2018
details: http://hg.nginx.org/nginx/rev/dcab86115261
branches:
changeset: 7319:dcab86115261
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon Jul 16 17:47:48 2018 +0300
description:
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.
diffstat:
src/event/ngx_event_openssl.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diffs (14 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1193,6 +1193,10 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl
} else {
SSL_set_accept_state(sc->connection);
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+ SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+#endif
}
if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
More information about the nginx-devel
mailing list