SSL: speedup loading of configs with many ssl servers.

The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.

For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 81da708f356cd3a04ce00751c2b0c1f0cc12dffd..378e72709fac9b7bef264d2b9733f7586bcb8822 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -643,10 +643,10 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
         return NGX_ERROR;
     }
 
-    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
-
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
 
+    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
+
     EC_KEY_free(ecdh);
 #endif
 #endif