Hello, I am trying to establish several parallel TLS-protected channels between two nodes, like this : - establish the first connection (called "master") - TLS handshake, verify credentials, - If successful, establish the other connections (same endpoints) - TLS handshake each of these connections (in parallel in several threads), using the same credentials as the master session.
I got this working, but I would like to optimize the establishment of the multi-connections. I can see several ways to do this, but I would like to know if they are not mis-use of the GnuTLS library. What I am trying to do is: - create several threads after the master handshake and verification, and handle each children handshake independently. - use session resuming from the master session to accelerate the handshake in all children connections. Each connection has an independant gnutls_session_t object, but share the same credentials structures. On the server side, I have set the same session store for all sessions. I need to set the transport pointer in the sessions using the gnutls_transport_set_ptr function. Should I do it before or after the gnutls_session_set_data on the client side? Is there anything more to do ? I don't know if it is relevant, my different channels are actually the same socket object, but different SCTP streams, and I use customs push/pull functions to mux/demux the messages. I can send my code showing the actual implementation if you are interested. So far, I was not able to use multithreading and resuming efficiently. Most of the sessions fail to resume and fallback to a full handshake. I have seen also some strange behavior (store operation with the same key but different data) so I am wondering if this whole mechanism is really possible with GnuTLS. I don't really understand what is behind session resuming, so please tell me if what I am trying to do is really wrong... Thank you in advance, Best regards, Sebastien. _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
