mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: set TCP_NODELAY on SSL connections before handshake.

Browse Source 
With OpenSSL 1.1.0+, the workaround for handshake buffer size as introduced
in a720f0b0e083 (ticket #413) no longer works, as OpenSSL no longer exposes
handshake buffers, see https://github.com/openssl/openssl/commit/2e7dc7cd688.
Moreover, it is no longer possible to adjust handshake buffers at all now.

To avoid additional RTT if handshake uses more than 4k we now set TCP_NODELAY
on SSL connections before handshake.  While this still results in sub-optimal
network utilization due to incomplete packets being sent, it seems to be
better than nothing.
This commit is contained in:
Maxim Dounin 2017-05-29 16:34:29 +03:00
parent b66c18d2d5
commit 2db69fed2c
2 changed files with 27 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/http/ngx_http_request.c
View File

@ -623,14 +623,15 @@ ngx_http_create_request(ngx_connection_t *c)
static void static void
ngx_http_ssl_handshake(ngx_event_t *rev) ngx_http_ssl_handshake(ngx_event_t *rev)
{ {
u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1]; u_char *p, buf[NGX_PROXY_PROTOCOL_MAX_HEADER + 1];
size_t size; size_t size;
ssize_t n; ssize_t n;
ngx_err_t err; ngx_err_t err;
ngx_int_t rc; ngx_int_t rc;
ngx_connection_t *c; ngx_connection_t *c;
ngx_http_connection_t *hc; ngx_http_connection_t *hc;
ngx_http_ssl_srv_conf_t *sscf; ngx_http_ssl_srv_conf_t *sscf;
ngx_http_core_loc_conf_t *clcf;
c = rev->data; c = rev->data;
hc = c->data; hc = c->data;
@ -712,6 +713,14 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0,
"https ssl handshake: 0x%02Xd", buf[0]); "https ssl handshake: 0x%02Xd", buf[0]);
clcf = ngx_http_get_module_loc_conf(hc->conf_ctx,
ngx_http_core_module);
if (clcf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) {
ngx_http_close_connection(c);
return;
}
sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, sscf = ngx_http_get_module_srv_conf(hc->conf_ctx,
ngx_http_ssl_module); ngx_http_ssl_module);

13
src/stream/ngx_stream_ssl_module.c
View File

@ -352,12 +352,19 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s)
static ngx_int_t static ngx_int_t
ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{ {
ngx_int_t rc; ngx_int_t rc;
ngx_stream_session_t *s; ngx_stream_session_t *s;
ngx_stream_ssl_conf_t *sslcf; ngx_stream_ssl_conf_t *sslcf;
ngx_stream_core_srv_conf_t *cscf;
s = c->data; s = c->data;
cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
if (cscf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) {
return NGX_ERROR;
}
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
return NGX_ERROR; return NGX_ERROR;
} }