Bad Decompression error after default ssl_session_timeout
Igor Sysoev
igor at sysoev.ru
Wed May 23 09:00:40 UTC 2012
On Wed, May 23, 2012 at 03:03:33AM -0400, lima wrote:
> Thanks for the reply.
>
> The first solution has solved the problem!! unfortunately we cannot make
> proxy_ssl_session_reuse off, as it may affect the performance. And the
> second option given by you is also cannot be done as the system team has
> some concern over it. The Openssl version we are using is the latest one
> supported by the CentOS version we are using.
>
> Is it possible to configure/compile nginx without zlib support?
>
> Again, is the gzip module creating problem here? We tried with gzip on
> and off but still it was giving the same problem.
Try the attached patch.
--
Igor Sysoev
-------------- next part --------------
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c (revision 4644)
+++ src/event/ngx_event_openssl.c (working copy)
@@ -94,6 +94,24 @@
OpenSSL_add_all_algorithms();
+#ifndef SSL_OP_NO_COMPRESSION
+ {
+ /*
+ * Disable gzip compression in OpenSSL prior to 1.0.0 version,
+ * this saves about 522K per connection.
+ */
+ int i, n;
+ STACK_OF(SSL_COMP) *ssl_comp_methods;
+
+ ssl_comp_methods = SSL_COMP_get_compression_methods();
+ n = sk_SSL_COMP_num(ssl_comp_methods);
+
+ for (i = 0; i < n; i++) {
+ (void) sk_SSL_COMP_delete(ssl_comp_methods, i);
+ }
+ }
+#endif
+
ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
if (ngx_ssl_connection_index == -1) {
More information about the nginx
mailing list