Hi wmark I have read your post in nginx forum, I think the getsockopt(2) call at connection init process will cause cpu spike if for example 100K clients try to connect to the server at the same time. But what you will get from the &mss return from the kernel are exactly the same 99.9 percent of th e time. I have already take that into account when I design that patch, so I make it hard-coded. And BTW what did you mean by "sending two result s in better catching parts"? Regard YM
At 2015-06-03 02:14:45, "W-Mark Kubacki" <wmark+ng...@hurrikane.de> wrote: >2015-06-02 3:04 GMT+02:00 SplitIce <mat...@gmail.com>: >> From memory SSL_CIPHER_is_AES is a BoringSSL addition isnt it? I did a quick >> look over the OpenSSL source and it does not seem like its been added >> either. >> >> I havent had a chance to compile this yet to confirm it, but if correct then >> this is not compatible with OpenSSL and possibly other SSL libraries. > >My bad. It's a draft and, as you've found out, can be trivially fixed. > >https://github.com/openssl/openssl/blob/c3d734701cd57575856bf9b542446811518dd28c/ssl/ssl_ciph.c#L596-L615 > >https://boringssl.googlesource.com/boringssl/+/4d4bff89bb8ec345d289412f0f7f135c6e51b1a6%5E!/ > >-- >Mark > >_______________________________________________ >nginx-devel mailing list >nginx-devel@nginx.org >http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
