Skip to content
Snippets Groups Projects
  1. Apr 07, 2015
  2. Mar 26, 2015
  3. Apr 06, 2015
  4. Apr 03, 2015
  5. Apr 01, 2015
  6. Mar 31, 2015
  7. Mar 27, 2015
  8. Mar 23, 2015
    • Valentin Bartenev's avatar
      SPDY: always push pending data. · 0e853129
      Valentin Bartenev authored
      This helps to avoid suboptimal behavior when a client waits for a control
      frame or more data to increase window size, but the frames have been delayed
      in the socket buffer.
      
      The delays can be caused by bad interaction between Nagle's algorithm on
      nginx side and delayed ACK on the client side or by TCP_CORK/TCP_NOPUSH
      if SPDY was working without SSL and sendfile() was used.
      
      The pushing code is now very similar to ngx_http_set_keepalive().
      0e853129
    • Valentin Bartenev's avatar
  9. Mar 26, 2015
  10. Mar 25, 2015
  11. Mar 24, 2015
  12. Mar 23, 2015
  13. Mar 22, 2015
    • Maxim Dounin's avatar
      Updated OpenSSL used for win32 builds. · 090fb6f3
      Maxim Dounin authored
      090fb6f3
    • Maxim Dounin's avatar
      SSL: use of SSL_MODE_NO_AUTO_CHAIN. · 47c44355
      Maxim Dounin authored
      The SSL_MODE_NO_AUTO_CHAIN mode prevents OpenSSL from automatically
      building a certificate chain on the fly if there is no certificate chain
      explicitly provided.  Before this change, certificates provided via the
      ssl_client_certificate and ssl_trusted_certificate directives were
      used by OpenSSL to automatically build certificate chains, resulting
      in unexpected (and in some cases unneeded) chains being sent to clients.
      47c44355
    • Maxim Dounin's avatar
      SSL: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL. · a20c6d20
      Maxim Dounin authored
      LibreSSL removed support for export ciphers and a call to
      SSL_CTX_set_tmp_rsa_callback() results in an error left in the error
      queue.  This caused alerts "ignoring stale global SSL error (...called
      a function you should not call) while SSL handshaking" on a first connection
      in each worker process.
      a20c6d20
    • Maxim Dounin's avatar
      SSL: clear protocol options. · b0d8ff55
      Maxim Dounin authored
      LibreSSL 2.1.1+ started to set SSL_OP_NO_SSLv3 option by default on
      new contexts.  This makes sure to clear it to make it possible to use SSLv3
      with LibreSSL if enabled in nginx config.
      
      Prodded by Kuramoto Eiji.
      b0d8ff55