On Mon, Mar 13, 2017 at 06:10:23PM +0100, Willy Tarreau wrote:
> > Just wanted to follow up. I've been running this patch for a couple days on
> > an idle system and haven't noticed any problems.
> > Could this be merged? Is there anything else I can test?
>
> I'm personally fine with it but I'd rather have Emeric approve it, as
> he knows better than me the possible impacts of shutting down cleanly
> or not on SSL.
>
> Emeric, I've re-attached the patch. Using conn_data_shutw() instead of
> conn_data_shutw_hard() causes the "clean" flag to be set when calling
> ssl_sock_shutw() and SSL_set_quiet_shutdown() not to be called so that
> we perform a clean shutdown. The purpose is to give a chance to the
> server to store the context and avoid renegotiating.

Now applied with Emeric's blessing.

Thanks,
Willy