SSL: speedup loading of configs with many ssl servers.

The patch saves one EC_KEY_generate_key() call per server{} block by informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before the SSL_CTX_set_tmp_ecdh() call. For a configuration file with 10k simple server{} blocks with SSL enabled this change reduces startup time from 18s to 5s on a slow test box here.
author: Maxim Dounin <mdounin@mdounin.ru> 2013-01-09 14:11:48 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> 2013-01-09 14:11:48 +0000
commit: 041449a3d34b738a3a5d9012461e2a06f98f7b24 (patch)
tree: 57785f758938ec6824b3de0954ade09ca882cabb /src
parent: a6ea2f8f4813efd6606d5d31481ae613cb114e76 (diff)
download: nginx-041449a3d34b738a3a5d9012461e2a06f98f7b24.tar.gz
nginx-041449a3d34b738a3a5d9012461e2a06f98f7b24.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 81da708f3..378e72709 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -643,10 +643,10 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
         return NGX_ERROR;
     }
 
-    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
-
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
 
+    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
+
     EC_KEY_free(ecdh);
 #endif
 #endif
author	Maxim Dounin <mdounin@mdounin.ru>	2013-01-09 14:11:48 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	2013-01-09 14:11:48 +0000
commit	041449a3d34b738a3a5d9012461e2a06f98f7b24 (patch)
tree	57785f758938ec6824b3de0954ade09ca882cabb /src
parent	a6ea2f8f4813efd6606d5d31481ae613cb114e76 (diff)
download	nginx-041449a3d34b738a3a5d9012461e2a06f98f7b24.tar.gz nginx-041449a3d34b738a3a5d9012461e2a06f98f7b24.zip