In Python 2 and 3, the ssl module's SSLContext object has a way to set SSL options, but not to set SSL modes.
The set_mode command and some of the available modes: https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_mode.html The most critical mode is SSL_MODE_RELEASE_BUFFERS, which can drop the SSL overhead *per connection* from around 25kb to ~7kb. The pyopenssl library allows the setting of SSLContext modes, it seems very odd that the Python 2/3 ssl modules do not. Though I could understand that perhaps not all SSL libraries Python might build against would have this mode thing available. (BoringSSL sets this mode by default its considered such an obvious win) If there is some way to set this I happened to miss, apologies, I only went looking through the docs for it, not the code. On a side-note, in my testing, Python 3.4 had about 20kb/connection of overhead for using SSL, but Python 3.5 jumped to 30kb/connection of SSL overhead. These numbers for SSL overhead are far too high for any reasonable use of Python+SSL on highly concurrent systems. Test repo for testing SSL overhead here: https://github.com/bbangert/ssl-ram-testing/ Cheers, Ben _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
