proxy_ssl_session_reuse
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 880d998..cf56054 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -360,6 +360,17 @@
offsetof(ngx_http_proxy_loc_conf_t, upstream.hide_headers),
NULL },
+#if (NGX_HTTP_SSL)
+
+ { ngx_string("proxy_ssl_session_reuse"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse),
+ NULL },
+
+#endif
+
ngx_null_command
};
@@ -1645,6 +1656,9 @@
conf->upstream.pass_headers = NGX_CONF_UNSET_PTR;
conf->upstream.intercept_errors = NGX_CONF_UNSET;
+#if (NGX_HTTP_SSL)
+ conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+#endif
/* "proxy_cyclic_temp_file" is disabled */
conf->upstream.cyclic_temp_file = 0;
@@ -1834,6 +1848,11 @@
ngx_conf_merge_value(conf->upstream.intercept_errors,
prev->upstream.intercept_errors, 0);
+#if (NGX_HTTP_SSL)
+ ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
+ prev->upstream.ssl_session_reuse, 1);
+#endif
+
ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
if (conf->redirect) {
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index c270996..ae86b98 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -789,10 +789,12 @@
c->sendfile = 0;
u->output.sendfile = 0;
- if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
- ngx_http_upstream_finalize_request(r, u,
- NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ if (u->conf->ssl_session_reuse) {
+ if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
+ ngx_http_upstream_finalize_request(r, u,
+ NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return;
+ }
}
r->connection->log->action = "SSL handshaking to upstream";
@@ -819,7 +821,9 @@
if (c->ssl->handshaked) {
- u->peer.save_session(&u->peer, u->peer.data);
+ if (u->conf->ssl_session_reuse) {
+ u->peer.save_session(&u->peer, u->peer.data);
+ }
c->write->handler = ngx_http_upstream_send_request_handler;
c->read->handler = ngx_http_upstream_process_header;
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h
index 2ed2797..66c2cf3 100644
--- a/src/http/ngx_http_upstream.h
+++ b/src/http/ngx_http_upstream.h
@@ -148,6 +148,7 @@
#if (NGX_HTTP_SSL)
ngx_ssl_t *ssl;
+ ngx_flag_t ssl_session_reuse;
#endif
} ngx_http_upstream_conf_t;
