summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_ssltls.h
diff options
context:
space:
mode:
authorIgor Sysoev <igor@sysoev.ru>2017-01-17 20:00:00 +0300
committerIgor Sysoev <igor@sysoev.ru>2017-01-17 20:00:00 +0300
commit16cbf3c076a0aca6d47adaf3f719493674cf2363 (patch)
treee6530480020f62a2bdbf249988ec3e2a751d3927 /src/nxt_ssltls.h
downloadunit-16cbf3c076a0aca6d47adaf3f719493674cf2363.tar.gz
unit-16cbf3c076a0aca6d47adaf3f719493674cf2363.tar.bz2
Initial version.
Diffstat (limited to '')
-rw-r--r--src/nxt_ssltls.h70
1 files changed, 70 insertions, 0 deletions
diff --git a/src/nxt_ssltls.h b/src/nxt_ssltls.h
new file mode 100644
index 00000000..7bdc1946
--- /dev/null
+++ b/src/nxt_ssltls.h
@@ -0,0 +1,70 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) NGINX, Inc.
+ */
+
+#ifndef _NXT_SSLTLS_H_INCLUDED_
+#define _NXT_SSLTLS_H_INCLUDED_
+
+
+/*
+ * The SSL/TLS libraries lack vector I/O interface yet add noticeable
+ * overhead to each SSL/TLS record so buffering allows to decrease the
+ * overhead. The typical overhead size is about 30 bytes, however, TLS
+ * supports also random padding up to 255 bytes. The maximum SSLv3/TLS
+ * record size is 16K. However, large records increase decryption latency.
+ * 4K is good compromise between 1-6% of SSL/TLS overhead and the latency.
+ * 4K buffer allows to send one SSL/TLS record (4096-bytes data and up to
+ * 224-bytes overhead) in three 1440-bytes TCP/IPv4 packets with timestamps
+ * and compatible with tunnels.
+ */
+
+#define NXT_SSLTLS_BUFFER_SIZE 4096
+
+
+typedef struct nxt_ssltls_conf_s nxt_ssltls_conf_t;
+
+
+typedef struct {
+ nxt_int_t (*server_init)(nxt_ssltls_conf_t *conf);
+ nxt_int_t (*set_versions)(nxt_ssltls_conf_t *conf);
+} nxt_ssltls_lib_t;
+
+
+struct nxt_ssltls_conf_s {
+ void *ctx;
+ void (*conn_init)(nxt_thread_t *thr,
+ nxt_ssltls_conf_t *conf,
+ nxt_event_conn_t *c);
+
+ const nxt_ssltls_lib_t *lib;
+
+ char *certificate;
+ char *certificate_key;
+ char *ciphers;
+
+ char *ca_certificate;
+
+ size_t buffer_size;
+};
+
+
+#if (NXT_HAVE_OPENSSL)
+extern const nxt_ssltls_lib_t nxt_openssl_lib;
+#endif
+
+#if (NXT_HAVE_GNUTLS)
+extern const nxt_ssltls_lib_t nxt_gnutls_lib;
+#endif
+
+#if (NXT_HAVE_CYASSL)
+extern const nxt_ssltls_lib_t nxt_cyassl_lib;
+#endif
+
+#if (NXT_HAVE_POLARSSL)
+extern const nxt_ssltls_lib_t nxt_polar_lib;
+#endif
+
+
+#endif /* _NXT_SSLTLS_H_INCLUDED_ */