diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2018-07-16 17:47:48 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2018-07-16 17:47:48 +0300 |
| commit | e1bebd05cb75fa6e8be5f4f942028501c9b22821 (patch) | |
| tree | 5c0954b481651cd08b2177807bdd0244f1dcec49 | |
| parent | 14561299025b1a85dc7e7d9b5d793a0fa95fd393 (diff) | |
| download | nginx-e1bebd05cb75fa6e8be5f4f942028501c9b22821.tar.gz nginx-e1bebd05cb75fa6e8be5f4f942028501c9b22821.tar.bz2 | |
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).
The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.
| -rw-r--r-- | src/event/ngx_event_openssl.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 2dfecd44c..04b092305 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1193,6 +1193,10 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) } else { SSL_set_accept_state(sc->connection); + +#ifdef SSL_OP_NO_RENEGOTIATION + SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION); +#endif } if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) { |