On 2013-12-20 13:19, Maxim Dounin wrote:

> description:
> SSL: ssl_buffer_size directive.

Great to see this going into mainline.

On 2013-12-20 19:58, Ilya Grigorik wrote:

> (a) Is there any way to force a packet flush on record end?

That would be indeed nice. Flushing would prevent a TLS record from
spilling over into later TCP segments, which ensures that each encrypted
packet payload can be decrypted completely per TCP segment.

> This would require a bit more work than the current patch, but I'd love to see a similar strategy in nginx. Hardcoding a fixed record size will inevitably lead to suboptimal delivery of either interactive or bulk traffic. Thoughts?

It'd be interesting to know how difficult it'd be to implement such a
dynamic behavior of the SSL buffer size. An easier, albeit less optimal
solution would be to adjust the ssl_buffer_size directive depending on
the request URI (via location blocks). Not sure if Maxim's patch would
allow for that already? If large files are served from a known request
URI pattern, you could then increase the SSL buffer size accordingly for
that location.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel