[jira] [Commented] (TS-2365) Configure max TLS record size

Fri, 29 Nov 2013 06:07:29 -0800 

    [ 
https://issues.apache.org/jira/browse/TS-2365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13835387#comment-13835387
 ] 

Wei Sun commented on TS-2365:
-----------------------------

The reason I put the variable in SSLConfigParams is I'd like to keep all ssl 
related configurations at a same place (i.e. ssl.session_cache, 
ssl.session_cache.size, etc.), and seems SSLConfigParams is instantialized for 
one time. But I think you're right for the concerns, and using 
SSLConfig::scoped_config. Setting a reloadable global variable in SSLConfig and 
retrieving it from UnixnetVConnection may need to consider safe. Checking the 
configuration when SSLNetVConnection is created might make things complex since 
the object is memcpy'ed for the construction.

I think the configuration won't be frequently changed, how about simply reading 
the configuration via REC_ReadConfigInteger in SSLConfigParams, and retrieve it 
in SSLNetVConnection via SSLConfig::scoped_config (one call), then assign it to 
the member variable per SSLNetVConnection instance? Feel free to edit it if you 
prefer RECU_DYNAMIC.

> Configure max TLS record size
> -----------------------------
>
>                 Key: TS-2365
>                 URL: https://issues.apache.org/jira/browse/TS-2365
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Core, SSL
>            Reporter: Wei Sun
>            Assignee: James Peach
>              Labels: A
>             Fix For: 4.2.0
>
>         Attachments: ssl_maxrecordsize.diff, ssl_maxrecordsize2.diff
>
>
> The client can decipher the data only once it has received a full record over 
> SSL. The record size can have significant impact on the page load time 
> performance of the application. No limitation on record size means that 
> clients might have to download up to 16KB of data before starting to process 
> them, whereas very small records incur a larger overhead due to record 
> framing. The suggestion is to configure the TLS record size to fit into a 
> single TCP segment, this can improve page load times on browsers located over 
> high latency or low bandwidth networks.
> ref: 
> http://www.igvita.com/2013/10/24/optimizing-tls-record-size-and-buffering-latency/



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Reply via email to