*) SSL: speedup loading of configs with many ssl servers. The patch
saves one EC_KEY_generate_key() call per server{} block by informing
OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.
For a configuration file with 10k simple server{} blocks with SSL
enabled this change reduces startup time from 18s to 5s on a slow
test box here.
*) SSL: removed conditions that always hold true.
*) SSL: resetting of flush flag after the data was written. There is
no need to flush next chunk of data if it does not contain a buffer
with the flush or last_buf flags set.
*) SSL: preservation of flush flag for buffered data. Previously,
if SSL buffer was not sent we lost information that the data
must be flushed.
*) SSL: calculation of buffer size moved closer to its usage.
No functional changes.
*) SSL: avoid calling SSL_write() with zero data size. According to
documentation, calling SSL_write() with num=0 bytes to be sent
results in undefined behavior.
We don't currently call ngx_ssl_send_chain() with empty chain and
buffer. This check handles the case of a chain with total data size
that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer
at the end.
In practice such cases resulted in premature connection close and
critical error "SSL_write() failed (SSL:)" in the error log.
*) SSL: take into account data in the buffer while limiting output.
In some rare cases this can result in a more smooth sending rate.
*) SSL: fixed ngx_ssl_handshake() with level-triggered event methods.
Missing calls to ngx_handle_write_event() and ngx_handle_read_event()
resulted in a CPU hog during SSL handshake if an level-triggered event
method (e.g. select) was used.
projects / nginx.git / commit