[RFC] event/openssl: Add dynamic record size support for serving ssl trafic
chen
gzchenym at 126.com
Thu Jul 30 03:56:04 UTC 2015
Hi wmark
I have read your post in nginx forum, I think the getsockopt(2) call at connection init process will cause cpu spike if for example 100K clients
try to connect to the server at the same time. But what you will get from the &mss return from the kernel are exactly the same 99.9 percent of th
e time. I have already take that into account when I design that patch, so I make it hard-coded. And BTW what did you mean by "sending two result
s in better catching parts"?
Regard
YM
At 2015-06-03 02:14:45, "W-Mark Kubacki" <wmark+nginx at hurrikane.de> wrote:
>2015-06-02 3:04 GMT+02:00 SplitIce <mat999 at gmail.com>:
>> From memory SSL_CIPHER_is_AES is a BoringSSL addition isnt it? I did a quick
>> look over the OpenSSL source and it does not seem like its been added
>> either.
>>
>> I havent had a chance to compile this yet to confirm it, but if correct then
>> this is not compatible with OpenSSL and possibly other SSL libraries.
>
>My bad. It's a draft and, as you've found out, can be trivially fixed.
>
>https://github.com/openssl/openssl/blob/c3d734701cd57575856bf9b542446811518dd28c/ssl/ssl_ciph.c#L596-L615
>
>https://boringssl.googlesource.com/boringssl/+/4d4bff89bb8ec345d289412f0f7f135c6e51b1a6%5E!/
>
>--
>Mark
>
>_______________________________________________
>nginx-devel mailing list
>nginx-devel at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150730/a1228275/attachment.html>
More information about the nginx-devel
mailing list