SSL: speedup loading of configs with many ssl servers. The patch saves one EC_KEY_generate_key() call per server{} block by informing OpenSSL about SSL_OP_SINGLE_ECDH_USE we are going to use before the SSL_CTX_set_tmp_ecdh() call. For a configuration file with 10k simple server{} blocks with SSL enabled this change reduces startup time from 18s to 5s on a slow test box here.

commit: 041449a3d34b738a3a5d9012461e2a06f98f7b24 [log] [tgz]
author: Maxim Dounin <mdounin@mdounin.ru> Wed Jan 09 14:11:48 2013 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> Wed Jan 09 14:11:48 2013 +0000
tree: 57785f758938ec6824b3de0954ade09ca882cabb
parent: a6ea2f8f4813efd6606d5d31481ae613cb114e76 [diff]
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 81da708..378e727 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -643,10 +643,10 @@
         return NGX_ERROR;
     }
 
-    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
-
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
 
+    SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
+
     EC_KEY_free(ecdh);
 #endif
 #endif
commit	041449a3d34b738a3a5d9012461e2a06f98f7b24	[log] [tgz]
author	Maxim Dounin <mdounin@mdounin.ru>	Wed Jan 09 14:11:48 2013 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	Wed Jan 09 14:11:48 2013 +0000
tree	57785f758938ec6824b3de0954ade09ca882cabb
parent	a6ea2f8f4813efd6606d5d31481ae613cb114e76 [diff]