[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#22966: HTTPS with GnuTLS's 'session-record-port' is inefficient
|
From: |
Ludovic Courtès |
|
Subject: |
bug#22966: HTTPS with GnuTLS's 'session-record-port' is inefficient |
|
Date: |
Wed, 09 Mar 2016 23:02:24 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
(guix build download) uses ‘session-record-port’ from (gnutls), which
returns a port to conveniently write to/read from the TLS session’s
“record” layer.
The problem is that every write to the port, that is, every call to
‘write_to_session_record_port’ in the GnuTLS bindings, leads to the
creation of one “Application Data” packet.
For instance, when (web requests) writes an HTTP GET request, it roughly
does:
(display "GET" port)
(display " " port)
(display uri port)
(display "\n\r" port)
…
it ends up creating a lot of small Application Data packets. When
debugging is enabled in (guix build download), that translates to things
like:
gnutls: [14594|5] REC[0x152c9c0]: Preparing Packet Application Data(23) with
length: 1 and min pad: 0
gnutls: [14594|9] ENC[0x152c9c0]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
gnutls: [14594|5] REC[0x152c9c0]: Sent Packet[4] Application Data(23) in
epoch 1 and length: 30
Terribly suboptimal.
The difficulty is that the session record port doesn’t do any caching by
itself, and it shouldn’t, because it’s the application’s responsibility.
So we might have to do our own caching and/or use ‘record-send’ and
‘record-receive!’ instead of ‘session-record-port’.
Ludo’.
- bug#22966: HTTPS with GnuTLS's 'session-record-port' is inefficient,
Ludovic Courtès <=