[nginx] SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).

Maxim Dounin Mon, 16 Jul 2018 10:02:17 -0700

details:   http://hg.nginx.org/nginx/rev/dcab86115261
branches:  
changeset: 7319:dcab86115261
user:      Maxim Dounin <mdou...@mdounin.ru>
date:      Mon Jul 16 17:47:48 2018 +0300
description:
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).


The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.

diffstat:

 src/event/ngx_event_openssl.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1193,6 +1193,10 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl
 
     } else {
         SSL_set_accept_state(sc->connection);
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+        SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+#endif
     }
 
     if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).

Reply via email to