SSL: use of the SSL_OP_NO_RENEGOTIATION option (ticket #1376). The SSL_OP_NO_RENEGOTIATION option is available in OpenSSL 1.1.0h+ and can save some CPU cycles on renegotiation attempts.

commit: 4a3f768c4abb3e3682c4477b5af8d53714411833 [log] [tgz]
author: Maxim Dounin <mdounin@mdounin.ru> Mon Jul 16 17:47:48 2018 +0300
committer: Maxim Dounin <mdounin@mdounin.ru> Mon Jul 16 17:47:48 2018 +0300
tree: 5c0954b481651cd08b2177807bdd0244f1dcec49
parent: 6737f50490537355382aa208b26ab8704fae3b60 [diff]
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 2dfecd4..04b0923 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -1193,6 +1193,10 @@
 
     } else {
         SSL_set_accept_state(sc->connection);
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+        SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+#endif
     }
 
     if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
commit	4a3f768c4abb3e3682c4477b5af8d53714411833	[log] [tgz]
author	Maxim Dounin <mdounin@mdounin.ru>	Mon Jul 16 17:47:48 2018 +0300
committer	Maxim Dounin <mdounin@mdounin.ru>	Mon Jul 16 17:47:48 2018 +0300
tree	5c0954b481651cd08b2177807bdd0244f1dcec49
parent	6737f50490537355382aa208b26ab8704fae3b60 [diff]