Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).

Maxim Dounin
July 16, 2018 01:04PM
details: http://hg.nginx.org/nginx/rev/dcab86115261
branches:
changeset: 7319:dcab86115261
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Jul 16 17:47:48 2018 +0300
description:
SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).

The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can
save some CPU cycles on renegotiation attempts.

diffstat:

src/event/ngx_event_openssl.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1193,6 +1193,10 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl

} else {
SSL_set_accept_state(sc->connection);
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+ SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+#endif
}

if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376).

Maxim Dounin 115 July 16, 2018 01:04PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 95
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready