gnutls-devel
Re: TLS over multi-stream SCTP, a wrapper...


From: Nikos Mavrogiannopoulos
Subject: Re: TLS over multi-stream SCTP, a wrapper...
Date: Sun, 17 Aug 2008 01:37:08 +0300
User-agent: Thunderbird 2.0.0.16 (X11/20080724)

Sebastien Decugis wrote:
> Hello,
> 
> Following a design idea from Nikos Mavrogiannopoulos (thanks again), I
> have written a wrapper around the GNU TLS library to achieve TLS
> protection over a multi-stream SCTP connection.
> 
> The basic idea is to replace the transport functions used by gnutls for
> transport, and use an object to aggregate all the sessions and other
> data. One thread is receiving data from the socket, and queueing this
> data in per-stream FIFO lists (demultiplexing step). Then the gnutls
> "pull" function will pick data from the appropriate FIFO list, and
> actually decrypt this data. This is done by a separate thread (one per
> stream). The decrypted data is queued in another FIFO list, from which
> the user can retrieve the received data. See the header file and the
> comments at the top of the files for more information.
> 
> I know this wrapper is not very performant at session initiation because
> it does a full handshake on each pair of streams, and does not
> parallelize this process. This can be easily improved, but makes it more
> complex to debug.

A quick improvement would be to use session resuming after the 1st
session is established. Thus the handshake afterwards would be much faster.

regards,
Nikos
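
The demultiplexing step described in the quoted message, as an added example that is not part of the original post or of Sebastien's wrapper: a receiver queues each message on its stream's FIFO, and a callback with the same shape as a GnuTLS pull function hands each session only its own stream's bytes, in order. `NSTREAMS`, `demux_push` and `stream_pull` are hypothetical names, and the locking a threaded receiver would need is left out.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define NSTREAMS 4   /* assumed number of SCTP streams */

/* Single-threaded sketch: a threaded receiver needs a mutex per FIFO. */
struct chunk { struct chunk *next; size_t len, off; unsigned char data[]; };
struct fifo  { struct chunk *head, *tail; };
static struct fifo streams[NSTREAMS];   /* one FIFO per stream */

/* Receiver side: queue one received message on its stream's FIFO. */
int demux_push(unsigned stream, const void *buf, size_t len)
{
    if (stream >= NSTREAMS) return -1;   /* unknown stream: reject */
    if (len == 0) return 0;              /* a 0-byte pull would read as EOF */
    struct chunk *c = malloc(sizeof *c + len);
    if (!c) return -1;
    c->next = NULL; c->len = len; c->off = 0;
    memcpy(c->data, buf, len);
    struct fifo *f = &streams[stream];
    if (f->tail) f->tail->next = c; else f->head = c;
    f->tail = c;
    return 0;
}

/* Same shape as a GnuTLS pull callback (transport pointer, buffer, length).
 * ptr is the FIFO registered as this session's transport pointer, so one
 * session can never be fed records that arrived on another stream. */
ssize_t stream_pull(void *ptr, void *buf, size_t len)
{
    struct fifo *f = ptr;
    struct chunk *c = f->head;
    if (!c) { errno = EAGAIN; return -1; }   /* nothing queued yet */
    size_t n = c->len - c->off;
    if (n > len) n = len;                    /* partial read of a chunk */
    memcpy(buf, c->data + c->off, n);
    c->off += n;
    if (c->off == c->len) {                  /* chunk consumed: unlink it */
        f->head = c->next;
        if (!f->head) f->tail = NULL;
        free(c);
    }
    return (ssize_t)n;
}
```

With GnuTLS, such a callback would be registered per session with `gnutls_transport_set_pull_function()` and the FIFO passed through `gnutls_transport_set_ptr()`.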



