From: Willy Tarreau <w@1wt.eu>
Date: Mon, 3 Sep 2012 20:33:40 +0000 (+0200)
Subject: MINOR: ssl: disable TCP quick-ack by default on SSL listeners
X-Git-Tag: v1.5-dev12~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbac6638c1cea56155fd3a8bd1e40397dd6801a0;p=thirdparty%2Fhaproxy.git

MINOR: ssl: disable TCP quick-ack by default on SSL listeners

Since the SSL handshake involves an immediate reply from the server
to the client, there's no point responding with a quick-ack before
sending the data, so disable quick-ack by default, just as it is done
for HTTP.

This shows a 2-2.5% transaction rate increase on a dual-core atom.
---

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 82c741ae5b..0cd9c27242 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6740,7 +6740,7 @@ out_uri_auth_compat:
 
 			/* smart accept mode is automatic in HTTP mode */
 			if ((curproxy->options2 & PR_O2_SMARTACC) ||
-			    (curproxy->mode == PR_MODE_HTTP &&
+			    ((curproxy->mode == PR_MODE_HTTP || listener->ssl_cert) &&
 			     !(curproxy->no_options2 & PR_O2_SMARTACC)))
 				listener->options |= LI_O_NOQUICKACK;