Tatsuhiro Tsujikawa
d7581525ac
nghttpx: Update TLSv1.3 TLS record overhead
2017-04-27 22:57:06 +09:00
Tatsuhiro Tsujikawa
2d9fd87029
nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3
2017-04-09 14:11:49 +09:00
Tatsuhiro Tsujikawa
058122b804
nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
69f63c529d
src: Rename ssl.{h,cc} as tls.{h,cc}
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa
26900262f3
Revert "nghttpx: Attempt to avoid TCP RST on socket closure on Linux"
This reverts commit f69b52b1aa.
2017-03-18 22:43:30 +09:00
Tatsuhiro Tsujikawa
9b5ce36368
nghttpx: Reset write timer on write
2017-03-18 21:33:00 +09:00
Tatsuhiro Tsujikawa
f69b52b1aa
nghttpx: Attempt to avoid TCP RST on socket closure on Linux
2017-03-18 00:59:26 +09:00
Tatsuhiro Tsujikawa
feabd6f739
nghttpx: Delete unused delete_bio_method
2017-03-15 23:37:39 +09:00
Tatsuhiro Tsujikawa
1ea590c364
nghttpx: Return new BIO_METHOD object with OpenSSL < 1.1.0
2017-03-15 23:36:38 +09:00
Tatsuhiro Tsujikawa
9cc223d419
nghttpx: Use constexpr
2017-03-15 23:12:50 +09:00
Tatsuhiro Tsujikawa
3e0e3f5459
src: Fix typo
2017-03-10 23:10:13 +09:00
Tatsuhiro Tsujikawa
e5b84fad09
nghttpx: Fix bug that old config is used during reloading config
2017-02-16 22:46:22 +09:00
Tatsuhiro Tsujikawa
6a8749873f
nghttpx: Add detailed TLS connection logging
2017-01-09 23:32:35 +09:00
Tatsuhiro Tsujikawa
3c03024881
nghttpx: Add client-no-http2-cipher-black-list option
This commit adds the client-no-http2-cipher-black-list option to disable
enforcement of the HTTP/2 cipher black list on backend HTTP/2 connections.
Previously, the existing no-http2-cipher-black-list option disabled it for
both frontend and backend connections. Now the no-http2-cipher-black-list
option only disables it for frontend connections.
2017-01-08 22:33:19 +09:00
Tatsuhiro Tsujikawa
3933280d29
src: Fix assertion error with boringssl
boringssl says:
/* It is an error to clear any bits that have already been set. (We can't try
 * to get a second close_notify or send two.) */
assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
2017-01-02 11:48:38 +09:00
Tatsuhiro Tsujikawa
e9ab75a386
nghttpx: Robust backend read timeout
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa
a3a6b91c5f
src: Rename OPENSSL_101_API macro as OPENSSL_1_1_API
2016-09-11 00:38:20 +09:00
Tatsuhiro Tsujikawa
9aa26970be
nghttpx: Comment out TCP logging since it is too verbose
2016-09-10 16:49:15 +09:00
Tatsuhiro Tsujikawa
27b250ac8e
nghttpx: Add experimental TCP optimization for h2 frontend
2016-09-10 16:27:48 +09:00
Tatsuhiro Tsujikawa
ded576f423
nghttpx: Fix bug that bytes are doubly counted for TLS connections
2016-09-04 17:28:50 +09:00
Tatsuhiro Tsujikawa
f68dc02d6b
nghttpx: Remove unused private field from Connection object
2016-05-28 22:46:56 +09:00
Tatsuhiro Tsujikawa
6d22898936
src: Compile with OpenSSL 1.1.0-pre5
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
  application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
Tatsuhiro Tsujikawa
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa
0875e66aab
src: Remove streq(const char *) overload
2016-03-25 00:02:07 +09:00
Tatsuhiro Tsujikawa
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa
8741503db1
nghttpx: Add --no-http2-cipher-black-list to allow black listed cipher suite
2016-02-06 17:05:14 +09:00
Tatsuhiro Tsujikawa
85bb37ab7c
Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff
2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa
0402481be4
nghttpx: Organize connection related configuration into struct
2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa
0b2c139eaa
clang-format-3.5
2015-10-25 17:04:54 +09:00
Lucas Pardue
dcc9aaaa24
Add TLS dynamic record size behaviour command line options
2015-10-22 14:07:18 +00:00
Tatsuhiro Tsujikawa
ed1e84fc0a
nghttpx: Improve libssl error logging
2015-10-14 22:32:47 +09:00
Tatsuhiro Tsujikawa
f0d2c9f94b
Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio. The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL. The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa
4aaf111c58
nghttpx: Fix assertion failure on TLS handshake
2015-09-15 23:24:30 +09:00
Tatsuhiro Tsujikawa
d70eb14ce0
nghttpx: Drop connection before TLS finish if h2 requirement is not fulfilled
2015-08-31 23:30:40 +09:00
Tatsuhiro Tsujikawa
473311269d
nghttpx: Drop connection if client TLS handshake packet is too large
2015-08-13 01:24:59 +09:00
Tatsuhiro Tsujikawa
e91a576179
nghttpx: Rewrite TLS async handshake using memchunk buffers
2015-08-13 00:42:59 +09:00
Tatsuhiro Tsujikawa
f8c30d0229
nghttpx: Fix heap-use-after-free
2015-08-12 21:14:18 +09:00
Tatsuhiro Tsujikawa
020e66b9da
nghttpx: Start read watcher after handshake
2015-08-11 23:14:48 +09:00
Tatsuhiro Tsujikawa
d2a63a88a0
nghttpx: Fix stall if read buffer has app data when handshake finished
2015-08-11 22:37:15 +09:00
Tatsuhiro Tsujikawa
8410f684fb
nghttpx: Drop connection if client hello is too large
2015-08-10 00:29:43 +09:00
Tatsuhiro Tsujikawa
ff44e211ed
nghttpx: Fix tls handshake bug
This fixes 2 things:
1. potential busy loop
2. disabling ticket is not working after resumption
2015-08-09 18:33:49 +09:00
Tatsuhiro Tsujikawa
6446660113
nghttpx: Make record size timeout more durable to high load situation
2015-07-29 20:57:11 +09:00
Tatsuhiro Tsujikawa
d0a37d59a5
nghttpx: Disable TLS session ticket if ticket key is not available
2015-07-29 20:38:49 +09:00
Tatsuhiro Tsujikawa
1708d2e69e
nghttpx: Add doc
2015-07-27 02:14:52 +09:00
Tatsuhiro Tsujikawa
90b4b48c7e
nghttpx: Add shared session cache using memcached
2015-07-26 23:33:06 +09:00
Tatsuhiro Tsujikawa
afbb99ecf7
nghttpx: Enable session resumption on HTTP/2 backend
2015-07-24 23:40:27 +09:00
Tatsuhiro Tsujikawa
0479f833fc
Revert "nghttpx: Remove last write/read fields for TLS"
This reverts commit 585af93828.
2015-05-15 22:20:15 +09:00
Tatsuhiro Tsujikawa
38cfc5c47c
Check more headers and funcs
2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa
d42f31ca78
nghttpx: Fix bug that data buffered in SSL object are not read
This is the same issue described in https://github.com/h2o/h2o/issues/268 .
That is, if the SSL object has decrypted data buffered inside it, and the
application does not read it for some reason (e.g., rate limit), we
have to check the existence of data using SSL_pending. This is
because buffered data inside SSL is not notified by the io watcher. It is
obvious, but we totally missed it.

nghttpx code normally reads everything until SSL_read returns an error
(want-read). But if rate limit is involved, we stop reading early.
Also in HTTP/1 code, while processing one request, we just read until
the buffer is filled up. In these cases, we may suffer from this problem.

This commit fixes this problem by performing SSL_pending(), and if it
has buffered data and the read io watcher is enabled, we feed an event using
ev_feed_event().
2015-04-06 22:31:36 +09:00