[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Pnet-developers] SSL/TLS support in pnetlib

From: Gopal V
Subject: Re: [Pnet-developers] SSL/TLS support in pnetlib
Date: Sun, 1 Jun 2003 10:58:16 +0530
User-agent: Mutt/1.2.5i

If memory serves me right, Chris Smith wrote:
> We need control over the session.
> Sometimes you want to avoid the SSL handshake, and thus will want to
> use the existing SSL_CTX sesssion.

That is something I asked ... ie a list of SSL sessions based on the 
URI authority ... and have a SSLCache.GetContext(provider,"hostname") 
to return a new session or a cached one instead of an explicit new 
session everytime ?. 

> Generally you want to cache SSL contexts for use over repeat connections to
> the same server as this makes DRASTIC perfomance increases.  The server
> will force a re-handshake when it deems necessary, so clients don't have to
> worry about it too much.

Well, the issue there is slightly complicated as we don't really know if an
SSL connection exists as of now ... I'd rather handle this in DotGNU.SSL 
via the hostnames , than overload the already huge HttpWebRequest...

Considering the fact that I have to implement the Keep-Alive mode in 
HttpWebRequest anyway using a cached set of connections based on hostname 
(someday of course ;-) , I do think we are in for a rough ride in http ..

> Hmm, presumably the session will be invalid and a rehandshake would be
> performed.

Actually it does not allow you to have multiple sockets defined for a single
session , attempting which we get an InvalidOperationException from DotGNU.SSL
A second session.PerformHandshake(socket2) throws an InvalidOperationException
so currently I'm stuck to one socket per session.

I have no idea how OpenSSL works (which should be documented somewhere) and
absolutely no idea on DotGNU.SSL which does not seem to respond to csdoc in
any useful way :-)

The bottom line is "it works" ... now "making it work better" wheels have
to turn :-)

The difference between insanity and genius is measured by success

reply via email to

[Prev in Thread] Current Thread [Next in Thread]