Bug 3858 - check tladm/tlstunnel performance
Summary: check tladm/tlstunnel performance
Status: CLOSED WONTFIX
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Administration (show other bugs)
Version: 3.1.2
Hardware: PC All
: P2 Normal
Target Milestone: 4.9.0
Assignee: Pierre Ossman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-28 11:31 CEST by Pierre Ossman
Modified: 2017-06-20 13:29 CEST (History)
0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2011-06-28 11:31:31 CEST 
Using firebug, you can see that something is seriously strange with tlwebadm. Most of the time is spent before the browser can send the request, i.e. during socket handling, process forking and TLS handshake. We should have a look at what's going on here.
Comment 1 Pierre Ossman cendio 2011-07-01 18:08:24 CEST 
I've noticed a couple of issue with the current code:

a) We don't support TLS session caching
b) The upstream example (which we used as a base) has changed pretty severely and now uses a different DH strategy and has removed support for the old broken-by-design "export" cryptos.

These things might explain the problem.
Comment 2 Aaron Sowry cendio 2011-09-28 11:26:53 CEST 
(In reply to comment #1)
> I've noticed a couple of issue with the current code:
> 
> a) We don't support TLS session caching

Found an interesting primer on this which might be helpful:

http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
Comment 3 Pierre Ossman cendio 2011-12-06 13:24:25 CET 
Updated to the latest example code in r23602.
Comment 4 Pierre Ossman cendio 2015-03-05 13:22:25 CET 
We might want to reconsider having any kind of session cache as it could cause problems for perfect forward secrecy. Need to investigate with care.
Note You need to log in before you can comment on or make changes to this bug.