[RFC] event/openssl: Add dynamic record size support for serving ssl trafic

SplitIce mat999 at gmail.com
Tue Jun 2 01:04:43 UTC 2015


Mark,

>From memory SSL_CIPHER_is_AES is a BoringSSL addition isnt it? I did a
quick look over the OpenSSL source and it does not seem like its been added
either.

I havent had a chance to compile this yet to confirm it, but if correct
then this is not compatible with OpenSSL and possibly other SSL libraries.

Regards,
Mathew



On Thu, May 28, 2015 at 2:43 AM, W-Mark Kubacki <wmark+nginx at hurrikane.de>
wrote:

> 2015-05-05 15:39 GMT+02:00 chen <gzchenym at 126.com>:
> >
> > This is v1 of the patchset the implementing the feature SSL Dynamic
> Record
> > Sizing, inspiring by Google Front End […]
> >
> > Any comments is welcome.
>
> Nice! I've implemented that for Golang in the past and have ported it
> to C for you today.
>
> Although a single initial packet might seem more attractive in
> benchmarks, I found that sending two results in better catching parts
> of HEAD — which is what we want. Then you will notice some dancing
> around IW4, by which we've already sent about 5683 octets. Enough for
> me for a making a tradeoff here.
>
> 16k as ssl->buffer_size results in partially filled packets. A better
> default value could minimize the overhead (<0.5%) for that trailing
> PDUs.
>
> SSL libraries really should provide a function for computing overhead.
>
> --
> Mark
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150602/213be134/attachment.html>


More information about the nginx-devel mailing list