[nginx] SSL: ssl_buffer_size directive.

Alex alex at zeitgeist.se
Fri Dec 20 20:49:02 UTC 2013


On 2013-12-20 13:19, Maxim Dounin wrote:

> description:
> SSL: ssl_buffer_size directive.

Great to see this going into mainline.

On 2013-12-20 19:58, Ilya Grigorik wrote: 

> (a) Is there any way to force a packet flush on record end?

That would indeed be nice. Flushing would prevent a TLS record from
spilling over into later TCP segments, which ensures that each encrypted
packet payload can be decrypted completely per TCP segment.

> This would require a bit more work than the current patch, but I'd love to see a similar strategy in nginx. Hardcoding a fixed record size will inevitably lead to suboptimal delivery of either interactive or bulk traffic. Thoughts? 

It'd be interesting to know how difficult it'd be to implement such
dynamic behavior of the SSL buffer size. An easier, albeit less optimal,
solution would be to adjust the ssl_buffer_size directive depending on
the request URI (via location blocks). Not sure if Maxim's patch would
allow for that already? If large files are served from a known request
URI pattern, you could then increase the SSL buffer size accordingly for
that location.
