From 77bdaa3a933fe6f25b57659a5e24e6a04bd0ece0 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Thu, 19 Oct 2017 08:51:20 -0400 Subject: [PATCH] [mod_openssl] ssl.read-ahead="disable" by default set ssl.read-ahead = "disable" by default (modifies commit f4e1357d) Given various reports from users of embedded systems, the default is being changed to do the sane thing for these systems. This is the right setting on slow embedded systems for which decoding SSL input is slower than receiving that input over the network. On the other hand, for faster systems, ssl.read-ahead = "enable" is recommended for a slight performance gain and should be explicitly set in the global or $SERVER["socket"] configuration blocks in lighttpd.conf x-ref: "https POST requests buffered in RAM since v1.4.41?" https://redmine.lighttpd.net/boards/2/topics/7520 --- src/mod_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mod_openssl.c b/src/mod_openssl.c index 2a29ee99..adc9ad94 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c @@ -941,7 +941,7 @@ SETDEFAULTS_FUNC(mod_openssl_set_defaults) s->ssl_verifyclient_export_cert = 0; s->ssl_disable_client_renegotiation = 1; s->ssl_read_ahead = (0 == i) - ? !srv->config_storage[0]->stream_request_body + ? 0 : p->config_storage[0]->ssl_read_ahead; if (0 != i) buffer_copy_buffer(s->ssl_ca_crl_file, p->config_storage[0]->ssl_ca_crl_file); if (0 != i) buffer_copy_buffer(s->ssl_ca_dn_file, p->config_storage[0]->ssl_ca_dn_file);