SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376). The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can save some CPU cycles on renegotiation attempts.
Maxim Dounin
3 years ago
1 changed file(s) with
4 addition(s)
and
0 deletion(s)
.
Raw diff
Collapse all
Expand all
+4
-0
src/event/ngx_event_openssl.c
less
more
1192
1192
1193
1193
} else {
1194
1194
SSL_set_accept_state(sc->connection);
1195
1196
#ifdef SSL_OP_NO_RENEGOTIATION
1197
SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
1198
#endif
1195
1199
}
1196
1200
1197
1201
if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {