Skip site navigation (1) Skip section navigation (2)

Re: Speed of SSL connections; cost of renegotiation

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sean Chittenden <sean(at)chittenden(dot)org>
Cc: pgsql-hackers(at)postgreSQL(dot)org, pgsql-interfaces(at)postgreSQL(dot)org
Subject: Re: Speed of SSL connections; cost of renegotiation
Date: 2003-04-11 02:43:03
Message-ID: 8486.1050028983@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-interfaces
Sean Chittenden <sean(at)chittenden(dot)org> writes:
>> So, questions for the group: where did the decision to renegotiate
>> every 64K come from?  Do we need it at all?  Do we need it at such a
>> short interval?  And if we do need it, shouldn't the logic be
>> symmetric, so that renegotiations are forced during large input
>> transfers as well as large output transfers?

> It doesn't look like there's any guidance from mod_ssl in Apache 2.0.

Yeah, I looked at mod_ssl before sending in my gripe.  AFAICT Apache
*never* forces a renegotiation based on amount of data sent --- all that
code is intended just to handle transitions between different webpages
with different security settings.  So is that a precedent we can follow;
or is it an optimization based on the assumption that not a lot of data
will be transferred on any one web page?

(But even if you assume the latter, there are plenty of web pages with
more than 64K of data.  It's hard to believe mod_ssl would be built
like that if security demands a renegotiation every 64K or so.)

			regards, tom lane


In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2003-04-11 02:54:41
Subject: Re: [HACKERS] More thoughts about FE/BE protocol
Previous:From: Bruce BadgerDate: 2003-04-11 02:21:41
Subject: Re: [HACKERS] More thoughts about FE/BE protocol

pgsql-interfaces by date

Next:From: Tom LaneDate: 2003-04-11 02:54:41
Subject: Re: [HACKERS] More thoughts about FE/BE protocol
Previous:From: Bruce BadgerDate: 2003-04-11 02:21:41
Subject: Re: [HACKERS] More thoughts about FE/BE protocol

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group