From 544d481516024e13c25b5673b8d6b3b647898bae Mon Sep 17 00:00:00 2001 From: Steven Davidovitz Date: Wed, 8 Mar 2017 11:06:20 -0800 Subject: [PATCH] BUG/MINOR: checks: attempt clean shutw for SSL check Strict interpretation of TLS can cause SSL sessions to be thrown away when the socket is shutdown without sending a "close notify", resulting in each check to go through the complete handshake, eating more CPU on the servers. [wt: strictly speaking there's no guarantee that the close notify will be delivered, it's only best effort, but that may be enough to ensure that once at least one is received, next checks will be cheaper. This should be backported to 1.7 and possibly 1.6] --- src/checks.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/checks.c b/src/checks.c index 0668a7645..dba45f0c8 100644 --- a/src/checks.c +++ b/src/checks.c @@ -1349,14 +1349,15 @@ static void event_srv_chk_r(struct connection *conn) *check->bi->data = '\0'; check->bi->i = 0; - /* Close the connection... We absolutely want to perform a hard close - * and reset the connection if some data are pending, otherwise we end - * up with many TIME_WAITs and eat all the source port range quickly. - * To avoid sending RSTs all the time, we first try to drain pending - * data. + /* Close the connection... We still attempt to nicely close if, + * for instance, SSL needs to send a "close notify." Later, we perform + * a hard close and reset the connection if some data are pending, + * otherwise we end up with many TIME_WAITs and eat all the source port + * range quickly. To avoid sending RSTs all the time, we first try to + * drain pending data. */ __conn_data_stop_both(conn); - conn_data_shutw_hard(conn); + conn_data_shutw(conn); /* OK, let's not stay here forever */ if (check->result == CHK_RES_FAILED)
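Review bot: the switch from `conn_data_shutw_hard(conn)` to `conn_data_shutw(conn)` in event_srv_chk_r() is unconditional, so it changes the shutdown for every check type, not only the SSL checks named in the subject. The removed comment said the hard close was "absolutely" wanted to avoid piling up TIME_WAITs and exhausting the source port range. The new comment defers that to "Later, we perform a hard close" without saying where, and no such call is visible in this hunk. Please name the function or code path that does the hard close and reset, and state in the comment what the clean shutw means for non-SSL checks, so a reader can verify the TIME_WAIT protection is still in place. Since `__conn_data_stop_both(conn)` runs just before the shutw and the commit message itself says the close notify is only best effort, the comment should also say that delivery is not guaranteed, rather than implying the close is always clean. Minor style point: the period in `"close notify."` belongs outside the quotes.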