[RFC] event/openssl: Add dynamic record size support for serving ssl trafic

Ilya Grigorik igrigorik at gmail.com
Tue May 12 14:57:49 UTC 2015


Awesome, thanks for putting this together!

On Tue, May 5, 2015 at 6:39 AM, chen <gzchenym at 126.com> wrote:

> There are 3 conditions, if true at the same time, may trigger SSL_write to
> send small record over the link, hard coded 1400 bytes at this time to
keep
> it fit into MTU size. We just send out 3 of this small record at most to
> reduce framing overhead when serving large object, that is enough for
> browser to discovery other dependency of the page at top of html file. If
> the buffer chain is smaller than 4096 bytes, it will not justify the
> overhead of sending small record. After idle for 60s(hard coded at this
> moment), start all over again.
>

A few followup notes and questions...

1) "small record" size should be closer to 1300 bytes to account for
various overhead, see [1].
2) any way to guarantee that packets are flushed at record boundaries?
3) why just 3 packets? I'd suggest emitting the first CWND's worth.. aka,
10.

ig

[1] https://issues.apache.org/jira/browse/TS-2503

On Tue, May 12, 2015 at 7:52 AM, Ilya Grigorik <ilya at igvita.com> wrote:

> Awesome, thanks for putting this together!
>
> On Tue, May 5, 2015 at 6:39 AM, chen <gzchenym at 126.com> wrote:
>
>> There are 3 conditions, if true at the same time, may trigger SSL_write
>> to send small record over the link, hard coded 1400 bytes at this time to
>> keep it fit into MTU size. We just send out 3 of this small record at most
>> to reduce framing overhead when serving large object, that is enough for
>> browser to discovery other dependency of the page at top of html file. If
>> the buffer chain is smaller than 4096 bytes, it will not justify the
>> overhead of sending small record. After idle for 60s(hard coded at this
>> moment), start all over again.
>>
>
> A few followup notes and questions...
>
> 1) "small record" size should be closer to 1300 bytes to account for
> various overhead, see [1].
> 2) any way to guarantee that packets are flushed at record boundaries?
> 3) why just 3 packets? I'd suggest emitting the first CWND's worth.. aka,
> 10.
>
> ig
>
> [1] https://issues.apache.org/jira/browse/TS-2503
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150512/1dc96b8b/attachment.html>


More information about the nginx-devel mailing list