On 2013-12-20 13:19, Maxim Dounin wrote:

> description:
> SSL: ssl_buffer_size directive.

Great to see this going into mainline.

On 2013-12-20 19:58, Ilya Grigorik wrote: 

> (a) Is there any way to force a packet flush on record end?

That would indeed be nice. Flushing would prevent a TLS record from
spilling over into later TCP segments, which ensures that each encrypted
packet payload can be decrypted completely per TCP segment.

> This would require a bit more work than the current patch, but I'd love to 
> see a similar strategy in nginx. Hardcoding a fixed record size will 
> inevitably lead to suboptimal delivery of either interactive or bulk traffic. 
> Thoughts? 

It'd be interesting to know how difficult it'd be to implement such
dynamic behavior of the SSL buffer size. An easier, albeit less optimal,
solution would be to adjust the ssl_buffer_size directive depending on
the request URI (via location blocks). Not sure if Maxim's patch would
allow for that already? If large files are served from a known request
URI pattern, you could then increase the SSL buffer size accordingly for
that location.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
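
The spill-over effect discussed in the message above, as an added illustration that is not part of the original e-mail or of the nginx patch: a small model of how TLS records are laid out over TCP segments with and without a flush at each record end. The receiver can only authenticate and decrypt a record once the last segment carrying it has arrived. The MSS of 1460 bytes and the 29-byte per-record overhead (TLS 1.2 with AES-GCM) are assumptions, and the function names are hypothetical.

```python
# Added illustration: models how TLS records are laid out over TCP segments.
MSS = 1460       # assumed TCP payload bytes per segment (Ethernet, no options)
OVERHEAD = 29    # assumed per-record overhead: 5-byte header + 8 nonce + 16 tag

def record_spans(payload_sizes, mss=MSS, overhead=OVERHEAD, flush=False):
    """Return (first_segment, last_segment) for each record in send order.

    flush=False: records are packed back to back into full segments.
    flush=True:  the segment is sent at each record end, so the next
                 record always starts in a fresh segment.
    """
    spans, offset = [], 0
    for size in payload_sizes:
        wire = size + overhead
        spans.append((offset // mss, (offset + wire - 1) // mss))
        offset += wire
        if flush:
            offset = -(-offset // mss) * mss   # round up to segment boundary
    return spans

def straddling(spans):
    """Count records whose bytes are split across more than one segment."""
    return sum(1 for first, last in spans if last > first)

if __name__ == "__main__":
    small = [1400] * 3            # constructed sample: three small records
    print(record_spans(small), straddling(record_spans(small)))
    print(record_spans(small, flush=True))
    print(record_spans([16384]))  # one maximum-size record
```
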
