From 731962016096b08fb9ff5bce0178a3287334bc6b Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Thu, 7 Jun 2012 22:39:57 +0900
Subject: [PATCH] Added SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION and
 TCP_NODELAY

---
 examples/shrpx_ssl.cc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/examples/shrpx_ssl.cc b/examples/shrpx_ssl.cc
index ea8cd0ea..5cc2056b 100644
--- a/examples/shrpx_ssl.cc
+++ b/examples/shrpx_ssl.cc
@@ -26,6 +26,7 @@
 
 #include <sys/socket.h>
 #include <netdb.h>
+#include <netinet/tcp.h>
 
 #include <event2/bufferevent.h>
 #include <event2/bufferevent_ssl.h>
@@ -73,7 +74,9 @@ SSL_CTX* create_ssl_context()
     DIE();
   }
   SSL_CTX_set_options(ssl_ctx,
-                      SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION);
+                      SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION |
+                      SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
@@ -125,6 +128,12 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
       LOG(ERROR) << "SSL_new() failed";
       return 0;
     }
+    int val = 1;
+    rv = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY,
+                    reinterpret_cast<char *>(&val), sizeof(val));
+    if(rv == -1) {
+      LOG(WARNING) << "Setting option TCP_NODELAY failed";
+    }
     bufferevent *bev = bufferevent_openssl_socket_new
       (evbase, fd, ssl,
        BUFFEREVENT_SSL_ACCEPTING, BEV_OPT_DEFER_CALLBACKS);