Re: Extra RTT on large certificates (again?)

2017-05-23 Thread Albert Casademont
Thanks, makes perfect sense :) On Tue, May 23, 2017 at 7:56 PM, Maxim Dounin wrote: > Hello! > > On Tue, May 23, 2017 at 06:44:27PM +0200, Albert Casademont wrote: > > > Hi Maxim, > > > > Yes, as we were already compiling our own nginx we apply a patch in > openssl > > before compilation increas

Re: [PATCH] Proxy: support configuration of socket buffer sizes

2017-05-23 Thread Maxim Dounin
Hello! On Mon, May 22, 2017 at 07:02:04PM +, Karstens, Nate wrote: > Maxim, > > I'd be happy to explain. Our application is actually relying > more on the change to support to SO_SNDBUF option, but I noticed > the SO_RCVBUF option there and thought it was worth exposing > that at the same

Re: Extra RTT on large certificates (again?)

2017-05-23 Thread Maxim Dounin
Hello! On Tue, May 23, 2017 at 06:44:27PM +0200, Albert Casademont wrote: > Hi Maxim, > > Yes, as we were already compiling our own nginx we apply a patch in openssl > before compilation increasing the buffer size to 5120 bytes as a workaround. > > As for the patch, we already had "tcp_nodelay

[nginx] HTTP/2: fixed segfault when memory allocation failed.

2017-05-23 Thread Valentin Bartenev
details: http://hg.nginx.org/nginx/rev/b624fbf7bee2 branches: changeset: 7004:b624fbf7bee2 user: Valentin Bartenev date: Tue May 23 20:19:39 2017 +0300 description: HTTP/2: fixed segfault when memory allocation failed. If allocation of cleanup handler in the HTTP/2 header filter fai

Re: Extra RTT on large certificates (again?)

2017-05-23 Thread Albert Casademont
Hi Maxim, Yes, as we were already compiling our own nginx we apply a patch in openssl before compilation increasing the buffer size to 5120 bytes as a workaround. As for the patch, we already had "tcp_nodelay on" set in our http {} config and we kept seeing the extra RTT, is this a different sett

Re: CXXFLAGS support

2017-05-23 Thread Maxim Dounin
Hello! On Mon, May 22, 2017 at 01:14:04PM +0300, Sorin Manole wrote: > Missed attachment. > > 2017-05-21 22:23 GMT+03:00 Sorin Manole : > > Hello, > > > > Would you be willing to accept a patch to support CXX and CXXFLAGS in > > the nginx build logic? > > This could be used to write C++ nginx mo

Re: Extra RTT on large certificates (again?)

2017-05-23 Thread Maxim Dounin
Hello! On Mon, May 22, 2017 at 10:34:11PM +0200, Albert Casademont wrote: > Seems like the openssl devs are aware of the issue and welcoming PRs, AFAIK > nothing's been done yet. > > https://mta.openssl.org/pipermail/openssl-users/2016-November/004835.html Thanks for the link, it confirms what