mod_s2s: Remove connection timeout once it's no longer needed Reduces the number of left-over timers to handle after many s2s connections were started, leaving only the ones related to incomplete connections.

net.server_epoll: Call onconnect immediately after TLS handshake completion Skips a roundtrip through the main loop in case client-first data is available already, if not then :onreadable() will set the appropriate timeout.

net.server_epoll: Refactor immediate TLS handshake start

net.server_epoll: Keep socket registered in epoll trough TLS wrapping There's the theory that the socket isn't the same before/after wrap(), but since epoll operates on FD numbers this shouldn't matter.

net.server_epoll: Use TLS handshake timeout after initiating handshake The :init() method sets a different timeout than the TLS related methods.

net.server_epoll: Start TLS handshake immediately on newly accepted connections Since TLS is a client-first protocol there is a chance that the ClientHello message is available already. TLS Fast Open and/or the TCP_DEFER_ACCEPT socket option would increase that chance.

net.server_epoll: Factor out TLS initialization into a method So there's :startls(), :inittls() and :tlshandshake() :starttls() prepares for plain -> TLS upgrade and ensures that the (unencrypted) write buffer is drained before proceeding. :inittls() wraps the connection and does things like SNI, DANE etc. :tlshandshake() steps the TLS negotiation forward until it completes

net.server_epoll: Fix typo

mod_s2s: Log debug message on attempted close of an connectionless session This should probably never happen, but probably does anyways. A debug message would show the truth of the matter.

mod_s2s: Drop level of indentation by inverting a condition and early return Nicer to get rid of a conditional that covers such a large portion of a pretty big function.