From: Maxim Dounin <mdounin@mdounin.ru>
Date: Mon, 16 Jul 2018 14:47:48 +0000 (+0300)
Subject: SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
X-Git-Tag: release-1.15.2~5
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=e1bebd05cb75fa6e8be5f4f942028501c9b22821;p=nginx.git

SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).

The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 2dfecd44c..04b092305 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1193,6 +1193,10 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
 
     } else {
         SSL_set_accept_state(sc->connection);
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+        SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+#endif
     }
 
     if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {