Message100777
| Author |
jcea |
| Recipients |
jcea |
| Date |
2010年03月10日.01:20:49 |
| SpamBayes Score |
4.538525e-05 |
| Marked as misclassified |
No |
| Message-id |
<1268184052.67.0.269640299758.issue8106@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Current SSL module doesn't manage SSL sessions, so any connection must do the full SSL handshake.
SSL/TLS support session restarting, when an old SSL context is used in a new connection, so you don't need to do the full SSL handshake.
This is a huge performance improvement.
I think SSL module should keep a small pool of sessions in core, to reuse. Better yet:
a) In SSL sockets, a method should be added to get the SSL context.
b) When creating a SSL socket, in client mode, a new optional parameter should be accepted, for a SSL context.
c) When creating a SSL socket, in server mode, we have two options: a) provide a dictionary or similar, with different contexts for possible clients connections or, better b) provide a callback the SSL module will call when getting an incoming connection, with a session ID as a parameter. The callback can provide a session SSL state or "None". This second approach allow for session management, like expiration or persistence to disk.
(the second option is equivalent to the first if the dict-like object includes this logic inside)
What do you think?. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2010年03月10日 01:20:52 | jcea | set | recipients:
+ jcea |
| 2010年03月10日 01:20:52 | jcea | set | messageid: <1268184052.67.0.269640299758.issue8106@psf.upfronthosting.co.za> |
| 2010年03月10日 01:20:51 | jcea | link | issue8106 messages |
| 2010年03月10日 01:20:49 | jcea | create |
|