mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-02-15 01:47:19 +00:00
bfd5946aa1
Add new tunable "tune.ssl.maxrecord". Over SSL/TLS, the client can decipher the data only once it has received a full record. With large records, it means that clients might have to download up to 16kB of data before starting to process them. Limiting the record size can improve page load times on browsers located over high latency or low bandwidth networks. It is suggested to find optimal values which fit into 1 or 2 TCP segments (generally 1448 bytes over Ethernet with TCP timestamps enabled, or 1460 when timestamps are disabled), keeping in mind that SSL/TLS add some overhead. Typical values of 1419 and 2859 gave good results during tests. Use "strace -e trace=write" to find the best value. This trick was first suggested by Mike Belshe : http://www.belshe.com/2010/12/17/performance-and-the-tls-record-size/ Then requested again by Ilya Grigorik who provides some hints here : http://ofps.oreilly.com/titles/9781449344764/_transport_layer_security_tls.html#ch04_00000101 |
||
|---|---|---|
| .. | ||
| acl.h | ||
| arg.h | ||
| auth.h | ||
| backend.h | ||
| capture.h | ||
| channel.h | ||
| checks.h | ||
| compression.h | ||
| connection.h | ||
| counters.h | ||
| fd.h | ||
| freq_ctr.h | ||
| global.h | ||
| hdr_idx.h | ||
| lb_chash.h | ||
| lb_fas.h | ||
| lb_fwlc.h | ||
| lb_fwrr.h | ||
| lb_map.h | ||
| listener.h | ||
| log.h | ||
| obj_type.h | ||
| peers.h | ||
| pipe.h | ||
| port_range.h | ||
| proto_http.h | ||
| proto_tcp.h | ||
| protocol.h | ||
| proxy.h | ||
| queue.h | ||
| sample.h | ||
| server.h | ||
| session.h | ||
| signal.h | ||
| ssl_sock.h | ||
| stick_table.h | ||
| stream_interface.h | ||
| task.h | ||
| template.h | ||