From: Maxim Dounin <mdounin@mdounin.ru>
Date: Wed, 9 Jan 2013 14:11:48 +0000 (+0000)
Subject: SSL: speedup loading of configs with many ssl servers.
X-Git-Tag: release-1.3.11~3
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=041449a3d34b738a3a5d9012461e2a06f98f7b24;p=nginx.git

SSL: speedup loading of configs with many ssl servers.

The patch saves one EC_KEY_generate_key() call per server{} block by
informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before
the SSL_CTX_set_tmp_ecdh() call.

For a configuration file with 10k simple server{} blocks with SSL enabled
this change reduces startup time from 18s to 5s on a slow test box here.
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 81da708f3..378e72709 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -643,10 +643,10 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
         return NGX_ERROR;
     }
 
-    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
-
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
 
+    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
+
     EC_KEY_free(ecdh);
 #endif
 #endif