Welcome! Log In Create A New Profile

[nginx] svn commit: r5107 - trunk/src/http/modules

Forum List Message List New Topic Print View

Anonymous User

March 07, 2013 01:22PM

Author: vbart
Date: 2013-03-07 18:21:28 +0000 (Thu, 07 Mar 2013)
New Revision: 5107
URL: http://trac.nginx.org/nginx/changeset/5107/nginx

Log:
SSL: Next Protocol Negotiation extension support.

Not only this is useful for the upcoming SPDY support, but it can
also help to improve HTTPS performance by enabling TLS False Start
in Chrome/Chromium browsers [1]. So, we always enable NPN for HTTPS
if it is supported by OpenSSL.

[1] http://www.imperialviolet.org/2012/04/11/falsestart.html

Modified:
trunk/src/http/modules/ngx_http_ssl_module.c

Modified: trunk/src/http/modules/ngx_http_ssl_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_ssl_module.c 2013-03-07 18:14:27 UTC (rev 5106)
+++ trunk/src/http/modules/ngx_http_ssl_module.c 2013-03-07 18:21:28 UTC (rev 5107)
@@ -18,6 +18,11 @@
#define NGX_DEFAULT_ECDH_CURVE "prime256v1"

+#ifdef TLSEXT_TYPE_next_proto_neg
+static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char **out, unsigned int *outlen, void *arg);
+#endif
+
static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
@@ -262,6 +267,30 @@
static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");

+#ifdef TLSEXT_TYPE_next_proto_neg
+
+#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
+
+static int
+ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
+ const unsigned char **out, unsigned int *outlen, void *arg)
+{
+#if (NGX_DEBUG)
+ ngx_connection_t *c;
+
+ c = ngx_ssl_get_connection(ssl_conn);
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL NPN advertised");
+#endif
+
+ *out = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
+ *outlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
+
+ return SSL_TLSEXT_ERR_OK;
+}
+
+#endif
+
+
static ngx_int_t
ngx_http_ssl_static_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
@@ -490,6 +519,11 @@

#endif

+#ifdef TLSEXT_TYPE_next_proto_neg
+ SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
+ ngx_http_ssl_npn_advertised, NULL);
+#endif
+
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
return NGX_CONF_ERROR;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] svn commit: r5107 - trunk/src/http/modules	Anonymous User	832	March 07, 2013 01:22PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 255

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018