upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
haproxy/include/types
History
Willy Tarreau bfd5946aa1 MINOR: ssl: add a global tunable for the max SSL/TLS record size 
Add new tunable "tune.ssl.maxrecord".

Over SSL/TLS, the client can decipher the data only once it has received
a full record. With large records, it means that clients might have to
download up to 16kB of data before starting to process them. Limiting the
record size can improve page load times on browsers located over high
latency or low bandwidth networks. It is suggested to find optimal values
which fit into 1 or 2 TCP segments (generally 1448 bytes over Ethernet
with TCP timestamps enabled, or 1460 when timestamps are disabled), keeping
in mind that SSL/TLS add some overhead. Typical values of 1419 and 2859
gave good results during tests. Use "strace -e trace=write" to find the
best value.

This trick was first suggested by Mike Belshe :

   http://www.belshe.com/2010/12/17/performance-and-the-tls-record-size/

Then requested again by Ilya Grigorik who provides some hints here :

   http://ofps.oreilly.com/titles/9781449344764/_transport_layer_security_tls.html#ch04_00000101
2013-02-21 07:53:13 +01:00
..
acl.h MEDIUM: acl: support IPv6 address matching 2012-05-08 21:28:14 +02:00
arg.h REORG: buffers: split buffers into chunk,buffer,channel 2012-09-03 20:47:32 +02:00
auth.h [REORG] http: move the http-request rules to proto_http 2011-03-13 22:00:24 +01:00
backend.h BUG/MAJOR: checks: don't call set_server_status_* when no LB algo is set 2012-05-19 19:09:46 +02:00
capture.h [MAJOR] last bunch of capture changes for mempool v2 2007-05-13 22:46:04 +02:00
channel.h CLEANUP: channel: remove any reference of the hijackers 2012-11-11 23:05:39 +01:00
checks.h MINOR: checks: add on-marked-up option 2012-06-03 23:48:42 +02:00
compression.h MEDIUM: compression: use pool for comp_ctx 2012-11-21 01:56:47 +01:00
connection.h MEDIUM: connection: introduce "struct conn_src" for servers and proxies 2012-12-09 10:04:39 +01:00
counters.h MINOR: stats: report the total number of compressed responses per front/back 2012-11-24 14:54:13 +01:00
fd.h MAJOR: polling: remove unused callbacks from the poller struct 2012-11-11 21:02:34 +01:00
freq_ctr.h [MINOR] freq_ctr: add new types and functions for periods different from 1s 2010-08-10 14:01:09 +02:00
global.h MINOR: ssl: add a global tunable for the max SSL/TLS record size 2013-02-21 07:53:13 +01:00
hdr_idx.h [BUG] files were missing for hdr_idx in previous commit 2006-12-04 02:20:02 +01:00
lb_chash.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fas.h MEDIUM: backend: add the 'first' balancing algorithm 2012-02-21 22:27:27 +01:00
lb_fwlc.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fwrr.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_map.h [CLEANUP] proxy: move last lb-specific bits to their respective files 2009-10-03 18:41:18 +02:00
listener.h DOC: tfo: bump required kernel to linux-3.7 2013-02-14 00:03:04 +01:00
log.h BUG/MINOR: log: make log-format, unique-id-format and add-header more independant 2012-12-28 09:51:00 +01:00
obj_type.h MAJOR: connection: replace struct target with a pointer to an enum 2012-11-12 00:42:33 +01:00
peers.h MEDIUM: checks: Add agent health check 2013-02-13 11:03:28 +01:00
pipe.h [MEDIUM] introduce pipe pools 2009-01-25 13:49:53 +01:00
port_range.h [MEDIUM] add support for binding to source port ranges during connect 2009-06-10 12:23:32 +02:00
proto_http.h MEDIUM: http: add support for "http-request tarpit" rule 2012-12-28 14:47:19 +01:00
proto_tcp.h [MINOR] session-counters: use "track-sc{1,2}" instead of "track-{fe,be}-counters" 2010-08-10 18:04:15 +02:00
protocol.h MEDIUM: tcp: add explicit support for delayed ACK in connect() 2012-11-24 10:24:27 +01:00
proxy.h MEDIUM: checks: Add agent health check 2013-02-13 11:03:28 +01:00
queue.h [MAJOR] ported pendconn to mempools v2 2007-05-13 20:19:55 +02:00
sample.h BUG/MAJOR: ensure that hdr_idx is always reserved when L7 fetches are used 2012-10-05 22:46:09 +02:00
server.h MEDIUM: connection: introduce "struct conn_src" for servers and proxies 2012-12-09 10:04:39 +01:00
session.h CLEANUP: session: use an array for the stick counters 2012-12-09 15:57:16 +01:00
signal.h [MEDIUM] signals: add support for registering functions and tasks 2010-08-27 18:00:40 +02:00
ssl_sock.h MEDIUM: ssl: add support for SNI and wildcard certificates 2012-09-10 09:27:02 +02:00
stick_table.h MEDIUM: stick-table: allocate the table key of size buffer size 2012-10-29 21:56:59 +01:00
stream_interface.h MAJOR: connection: replace struct target with a pointer to an enum 2012-11-12 00:42:33 +01:00
task.h [MEDIUM] signals: add support for registering functions and tasks 2010-08-27 18:00:40 +02:00
template.h [CLEANUP] included common/version.h everywhere 2006-06-29 18:54:54 +02:00