Welcome! Log In Create A New Profile

Advanced

[PATCH] Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts

Previous Message Next Message
Forum List Message List New Topic Print View
Pascal Ernster
May 03, 2019 08:10PM
# HG changeset patch
# User Pascal Ernster <nginx-devel@hardfalcon.net>
# Date 1556927912 -7200
# Sat May 04 01:58:32 2019 +0200
# Node ID 9560af6ada8f395a3b01c66e6846fa7ebd41729d
# Parent 16a1adadf43751f59257ba419f6bacd530dd19d3
Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts.

Available since OpenSSL 1.1.1, this prioritizes ChaCha ciphers when the client has a ChaCha20 cipher at the top of its preference list, indicating that the client does not have hardware acceleration for AES. The result is much better performance on devices like low-end Android smartphones or embedded hardware running OpenWRT.

diff -r 16a1adadf437 -r 9560af6ada8f src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Apr 24 16:38:56 2019 +0300
+++ b/src/event/ngx_event_openssl.c Sat May 04 01:58:32 2019 +0200
@@ -380,6 +380,10 @@
SSL_CTX_set_mode(ssl->ctx, SSL_MODE_NO_AUTO_CHAIN);
#endif

+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_PRIORITIZE_CHACHA);
+#endif
+
SSL_CTX_set_read_ahead(ssl->ctx, 1);

SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[PATCH] Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts

Pascal Ernster 513 May 03, 2019 08:10PM

Re: [PATCH] Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts

Maxim Dounin 192 May 03, 2019 08:38PM

Re: [PATCH] Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts

Pascal Ernster 165 May 03, 2019 09:20PM

Re: [PATCH] Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts

Maxim Dounin 196 May 06, 2019 09:24AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 293
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready