1 files changed, 14 insertions, 0 deletions

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index d8881734b9..7d09846c27 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -51,6 +51,7 @@ static const char *ssl_var_lookup_ssl_cert_rfc4523_cea(apr_pool_t *p, SSL *ssl);
 static const char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, const SSLConnRec *sslconn);
 static const char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, const SSLConnRec *sslconn, const char *var);
 static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
+static const char *ssl_var_lookup_ssl_handshake_rtt(apr_pool_t *p, SSL *ssl);
 static const char *ssl_var_lookup_ssl_version(const char *var);
 static const char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
 
@@ -472,6 +473,9 @@ static const char *ssl_var_lookup_ssl(apr_pool_t *p, const SSLConnRec *sslconn,
     else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) {
         result = ssl_var_lookup_ssl_cipher(p, sslconn, var+6);
     }
+    else if (ssl != NULL && strcEQ(var, "HANDSHAKE_RTT")) {
+        result = ssl_var_lookup_ssl_handshake_rtt(p, ssl);
+    }
     else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
         sk = SSL_get_peer_cert_chain(ssl);
         result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18, 1);
@@ -961,6 +965,16 @@ static void ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algke
     return;
 }
 
+static const char *ssl_var_lookup_ssl_handshake_rtt(apr_pool_t *p, SSL *ssl)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30200000L
+    apr_uint64_t rtt;
+    if (SSL_get_handshake_rtt(ssl, &rtt) > 0)
+        return apr_psprintf(p, "%" APR_UINT64_T_FMT, rtt);
+#endif
+    return NULL;
+}
+
 static const char *ssl_var_lookup_ssl_version(const char *var)
 {
     if (strEQ(var, "INTERFACE")) {