Re: [openssl-users] TLS Heartbeat
> Yes. We're thinking of using TLS Heartbeats as cheaper KeepAlive option in
> idle connections.

Use TCP keepalive if really needed. That keeps your application level free to reap truly idle connections if/when it wants to.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
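The TCP keepalive suggested in the reply above, as an added example that is not part of the thread or of OpenSSL: a C helper that enables keepalive on a socket and reads the effective settings back. The function names and the 60/10/5 timer values are assumptions for illustration; Nagle is left enabled (TCP_NODELAY off), the option a later reply in the thread discusses.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Values read back from the kernel; -1 means "not available on this platform". */
struct ka_state { int enabled, idle, intvl, cnt, nodelay; };

/* Enable TCP keepalive on fd: first probe after idle_s seconds of silence, one
 * probe every intvl_s seconds, connection dropped after cnt unanswered probes.
 * For a TLS connection, fd is the descriptor SSL_get_fd() returns. Returns 0 or -1. */
int enable_tcp_keepalive(int fd, int idle_s, int intvl_s, int cnt) {
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0) return -1;
#ifdef TCP_KEEPIDLE  /* per-socket timers exist on Linux, not on every platform */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof idle_s) < 0) return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_s, sizeof intvl_s) < 0) return -1;
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0) return -1;
#endif
    return 0;
}

static int get_int_opt(int fd, int level, int opt) {
    int v = -1; socklen_t len = sizeof v;
    return getsockopt(fd, level, opt, &v, &len) == 0 ? v : -1;
}

/* Read the effective settings back so the configuration can be verified. */
struct ka_state read_ka_state(int fd) {
    struct ka_state s = { get_int_opt(fd, SOL_SOCKET, SO_KEEPALIVE), -1, -1, -1,
                          get_int_opt(fd, IPPROTO_TCP, TCP_NODELAY) };
#ifdef TCP_KEEPIDLE
    s.idle  = get_int_opt(fd, IPPROTO_TCP, TCP_KEEPIDLE);
    s.intvl = get_int_opt(fd, IPPROTO_TCP, TCP_KEEPINTVL);
    s.cnt   = get_int_opt(fd, IPPROTO_TCP, TCP_KEEPCNT);
#endif
    return s;
}

int main(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);  /* unconnected socket, demo only */
    if (fd < 0 || enable_tcp_keepalive(fd, 60, 10, 5) < 0) return 1;
    struct ka_state s = read_ka_state(fd);
    printf("keepalive=%d idle=%d intvl=%d cnt=%d nodelay=%d\n", s.enabled, s.idle, s.intvl, s.cnt, s.nodelay);
    close(fd);
    return 0;
}
```

With these values a dead peer is detected after roughly 60 + 10 × 5 seconds of silence, while the application stays free to close idle connections on its own schedule.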
Re: [openssl-users] TLS Heartbeat
Yes. We're thinking of using TLS Heartbeats as cheaper KeepAlive option in idle connections.

-----Original Message-----
From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Michael Wojcik
Sent: Monday, December 12, 2016 12:19 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] TLS Heartbeat

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Kyle Hamilton
> Sent: Sunday, December 11, 2016 02:29
> To: openssl-users
> Subject: Re: [openssl-users] TLS Heartbeat
>
> disable O_NAGLE on the socket?

Do you mean enable TCP_NODELAY? That's the standard (POSIX / SUSv3) option that disables the Nagle algorithm. Using it is generally a sign of poorly-written software, created by someone who couldn't take the time to learn how TCP works.

But then given the OP's description of the original problem, disabling the Nagle algorithm is likely not the most egregious design decision here. I'll echo Rich's sentiment: If you're using TLS heartbeat, You're Doing It Wrong.

Also, note that Nagle / Delayed ACK interaction should only delay transmission for up to 200ms. The OP didn't provide any actual useful information about what the "problem" is, so we don't know whether the heartbeats would have been transmitted after 200ms. If they're not being transmitted for some other reason (e.g. receive window advertised as closed), then disabling Nagle won't make any difference.

Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] TLS Heartbeat
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Kyle Hamilton
> Sent: Sunday, December 11, 2016 02:29
> To: openssl-users
> Subject: Re: [openssl-users] TLS Heartbeat
>
> disable O_NAGLE on the socket?

Do you mean enable TCP_NODELAY? That's the standard (POSIX / SUSv3) option that disables the Nagle algorithm. Using it is generally a sign of poorly-written software, created by someone who couldn't take the time to learn how TCP works.

But then given the OP's description of the original problem, disabling the Nagle algorithm is likely not the most egregious design decision here. I'll echo Rich's sentiment: If you're using TLS heartbeat, You're Doing It Wrong.

Also, note that Nagle / Delayed ACK interaction should only delay transmission for up to 200ms. The OP didn't provide any actual useful information about what the "problem" is, so we don't know whether the heartbeats would have been transmitted after 200ms. If they're not being transmitted for some other reason (e.g. receive window advertised as closed), then disabling Nagle won't make any difference.

Michael Wojcik
Distinguished Engineer, Micro Focus
Re: [openssl-users] TLS Heartbeat
On Sat, Dec 10, 2016 at 9:25 PM, Rasool, Kaja Mohideen (Nokia - IN) wrote:
> Ok, maybe, TCP is doing it. Is there any other API using which I can specify
> the payload length & number of bytes for padding to send a TLS Heartbeat
> request? Then, I can use that API to send out a big enough heartbeat request
> so my server recognizes & responds to it.

Maybe related, see https://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/. It shows how to measure and adjust for some throughput improvements.
Re: [openssl-users] TLS Heartbeat
disable O_NAGLE on the socket?

-Kyle H

On Sat, Dec 10, 2016 at 8:04 AM, Salz, Rich wrote:
> Heartbeats? Yuk, why.
>
> Most likely, TCP is buffering things until you get a big enough data
> packet. I don't know how to address that.
Re: [openssl-users] TLS Heartbeat
Ok, maybe, TCP is doing it. Is there any other API using which I can specify the payload length & number of bytes for padding to send a TLS Heartbeat request? Then, I can use that API to send out a big enough heartbeat request so my server recognizes & responds to it.

// Kaja

From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Salz, Rich
Sent: Saturday, December 10, 2016 9:35 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] TLS Heartbeat

Heartbeats? Yuk, why.

Most likely, TCP is buffering things until you get a big enough data packet. I don't know how to address that.
Re: [openssl-users] TLS Heartbeat
Heartbeats? Yuk, why.

Most likely, TCP is buffering things until you get a big enough data packet. I don't know how to address that.