Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Ok. Let me be clearer on our customers' need--there are ISPs with hundreds of domains and they cannot rely on clients to support session caching--there is a NEED for OpenSSL HARDWARE CARDS support for PCI slots. Otherwise 20-25 SSL connections for different client IP/ports is insufficient for pros. Regards, Gorkem Ates On Mon, Feb 16, 2009 at 9:00 PM, Arno Garrels wrote: > Fastream Technologies wrote: > >>> Make sure session caching is working, it can notably increase the >>> maximum number of plain accepts per second. Note that the client must >>> support session caching as well, otherwise it would work. However >>> most common browsers support it. >> >> Ok. Do you have a tool that is capable of sess. caching and web stress >> testing? > > Yes, I use a my private, ugly tool. It most likely does not messure > what you are after and it is not made for the public. > >> I used my own web stress tester but that is not capable of it >> right now! > > It is so easy to add two event handlers and enter three lines each, > look at the sample OverbyteIcsHttpsTst.cbproj in the ICS V7 SVN repository > (including property SslContext.SslSessionCacheModes). > > -- > Arno Garrels > > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- Gorkem Ates Fastream Technologies Software IQ: Innovation & Quality www.fastream.com | Email: supp...@fastream.com | Tel: +90-312-223-2830 | MSN: g_a...@hotmail.com Join IQWF Server Yahoo group at http://groups.yahoo.com/group/IQWFServer Join IQ Reverse Proxy Yahoo group at http://groups.yahoo.com/group/IQReverseProxy -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Fastream Technologies wrote: >> Make sure session caching is working, it can notably increase the >> maximum number of plain accepts per second. Note that the client must >> support session caching as well, otherwise it would work. However >> most common browsers support it. > > Ok. Do you have a tool that is capable of sess. caching and web stress > testing? Yes, I use a my private, ugly tool. It most likely does not messure what you are after and it is not made for the public. > I used my own web stress tester but that is not capable of it > right now! It is so easy to add two event handlers and enter three lines each, look at the sample OverbyteIcsHttpsTst.cbproj in the ICS V7 SVN repository (including property SslContext.SslSessionCacheModes). -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Hello,
On Mon, Feb 16, 2009 at 4:42 PM, Arno Garrels wrote:
>
> Fastream Technologies wrote:
> > Ok. I made it "IQRP". It seems to work with functions being called but
> > despite the server consuming 90% CPU (dual core), the performance is
> > still at 20 connections/sec!
>
> Make sure session caching is working, it can notably increase the
> maximum number of plain accepts per second. Note that the client must
> support session caching as well, otherwise it would work. However most
> common browsers support it.
Ok. Do you have a tool that is capable of sess. caching and web stress
testing? I used my own web stress tester but that is not capable of it
right now!
>
> > This is far lower than hw accelarators. Any idea?
>
> I have no idea how fast hardware accelerators actually are.
What about 1000SSL-TPS!!!?
We need to support OpenSSL hardware PCI cards but I am unable to find
one here to test. I suggest us to launch a project similar to the
ICS-SSL project back in 2003 (which succeeded!) and gather some funds
for this. Or maybe a volunteer "here" would stand up with his acc.
card to test!??
Regards,
SZ
>
> --
> Arno Garrels
>
>
> >
> > On Mon, Feb 16, 2009 at 3:44 PM, Arno Garrels
> > wrote:
> >
> >> Fastream Technologies wrote:
> >>> Where is Ssl_Session_ID_Context defined in ICSv6?? Can't find it!
> >>
> >> It is an arbitrary custom string defined as a const in demo.
> >> You can have multiple of those strings associated with different
> >> resources.
> >>
> >> --
> >> Arno Garrels
> >>
> >>>
> >>> On Mon, Feb 16, 2009 at 12:57 PM, Arno Garrels
> >>> wrote:
> >>>
> You have to use FMyExternalSslSessionCache->GetSvrSession() and
> FMyExternalSslSessionCache->CacheSvrSession()!
> It is also required to set the SslContest.SslSessionCacheModes
> properly:
>
>
> >> [sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
>
> Delphi code:
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * *}
> procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
> Sender : TObject;
> var SessionIDContext : String);
> begin
> { Tell Openssl a Session_ID_Context.
> }
> { Openssl uses this data to tag a session before it's cached.
> }
> { It's an arbitrary custom string
> }
> SessionIDContext := Ssl_Session_ID_Context;
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * *}
> procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
> Sender : TObject;
> var SslSession : Pointer;
> SessId : Pointer;
> Idlen : Integer;
> var IncRefCount : Boolean);
> var
> LookupKey : string;
> begin
> SetLength(LookupKey, IDLen);
> Move(SessId^, Pointer(LookupKey)^, IDLen);
> SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
>
>
> Ssl_Session_ID_Context, IncRefCount);
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * *}
> procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
> Sender : TObject;
> SslSession,
> SessId : Pointer;
> Idlen : Integer;
> var AddToInternalCache : Boolean);
> var
> LookupKey : string;
> begin
> SetLength(LookupKey, IDLen);
> Move(SessId^, Pointer(LookupKey)^, IDLen);
> SslAvlSessionCache1.CacheSvrSession(SslSession,
> LookupKey +
> Ssl_Session_ID_Context,
> AddToInternalCache); if DisplaySslInfoCheckBox.Checked then
> Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
> TWSocket(Sender).GetPeerAddr + '] New SSL session
> created and ' +
> 'cached in external cache class.');
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> * * * * *}
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Fastream Technologies wrote:
> Ok. I made it "IQRP". It seems to work with functions being called but
> despite the server consuming 90% CPU (dual core), the performance is
> still at 20 connections/sec!
Make sure session caching is working, it can notably increase the
maximum number of plain accepts per second. Note that the client must
support session caching as well, otherwise it would work. However most
common browsers support it.
> This is far lower than hw accelarators. Any idea?
I have no idea how fast hardware accelerators actually are.
--
Arno Garrels
>
> On Mon, Feb 16, 2009 at 3:44 PM, Arno Garrels
> wrote:
>
>> Fastream Technologies wrote:
>>> Where is Ssl_Session_ID_Context defined in ICSv6?? Can't find it!
>>
>> It is an arbitrary custom string defined as a const in demo.
>> You can have multiple of those strings associated with different
>> resources.
>>
>> --
>> Arno Garrels
>>
>>>
>>> On Mon, Feb 16, 2009 at 12:57 PM, Arno Garrels
>>> wrote:
>>>
You have to use FMyExternalSslSessionCache->GetSvrSession() and
FMyExternalSslSessionCache->CacheSvrSession()!
It is also required to set the SslContest.SslSessionCacheModes
properly:
>> [sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
Delphi code:
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * *}
procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
Sender : TObject;
var SessionIDContext : String);
begin
{ Tell Openssl a Session_ID_Context.
}
{ Openssl uses this data to tag a session before it's cached.
}
{ It's an arbitrary custom string
}
SessionIDContext := Ssl_Session_ID_Context;
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * *}
procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
Sender : TObject;
var SslSession : Pointer;
SessId : Pointer;
Idlen : Integer;
var IncRefCount : Boolean);
var
LookupKey : string;
begin
SetLength(LookupKey, IDLen);
Move(SessId^, Pointer(LookupKey)^, IDLen);
SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
Ssl_Session_ID_Context, IncRefCount);
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * *}
procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
Sender : TObject;
SslSession,
SessId : Pointer;
Idlen : Integer;
var AddToInternalCache : Boolean);
var
LookupKey : string;
begin
SetLength(LookupKey, IDLen);
Move(SessId^, Pointer(LookupKey)^, IDLen);
SslAvlSessionCache1.CacheSvrSession(SslSession,
LookupKey +
Ssl_Session_ID_Context,
AddToInternalCache); if DisplaySslInfoCheckBox.Checked then
Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
TWSocket(Sender).GetPeerAddr + '] New SSL session
created and ' +
'cached in external cache class.');
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * *}
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
>>>
>>>
>>>
>>> --
>>> Gorkem Ates
>>> Fastream Technologies
>>> Software IQ: Innovation & Quality
>>> www.fastream.com | Email: supp...@fastream.com | Tel:
>>> +90-312-223-2830 | MSN: g_a...@hotmail.com
>>> Join IQWF Server Yahoo group at
>>> http://groups.yahoo.com/group/IQWFServer Join IQ Reverse Proxy Yahoo
>>> group at http://groups.yahoo.com/group/IQReverseProxy
>> --
>> To unsubscribe or change your settings for TWSocket mailing list
>> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
>> Visit our website at http://www.overbyte.be
>>
>
>
>
> --
> Gorkem Ates
> Fastream Technologies
> Software IQ: Innovation & Quality
> www.fastream.com | Email: supp...@fastream.com | Tel:
> +90-312-223-2830 | MSN: g_a...@hotmail.com
> Join IQWF Server Yahoo group at
> http://groups.yahoo.com/group/IQWFServer Join IQ Reverse Proxy Yahoo
> group at http://groups.yahoo.com/group/IQReverseProxy
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Ok. I made it "IQRP". It seems to work with functions being called but
despite the server consuming 90% CPU (dual core), the performance is still
at 20 connections/sec! This is far lower than hw accelarators. Any idea?
On Mon, Feb 16, 2009 at 3:44 PM, Arno Garrels wrote:
> Fastream Technologies wrote:
> > Where is Ssl_Session_ID_Context defined in ICSv6?? Can't find it!
>
> It is an arbitrary custom string defined as a const in demo.
> You can have multiple of those strings associated with different
> resources.
>
> --
> Arno Garrels
>
> >
> > On Mon, Feb 16, 2009 at 12:57 PM, Arno Garrels
> > wrote:
> >
> >> You have to use FMyExternalSslSessionCache->GetSvrSession() and
> >> FMyExternalSslSessionCache->CacheSvrSession()!
> >> It is also required to set the SslContest.SslSessionCacheModes
> >> properly:
> >>
> >>
> [sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
> >>
> >> Delphi code:
> >>
> >> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> >> * * * *}
> >> procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
> >>Sender : TObject;
> >>var SessionIDContext : String);
> >> begin
> >>{ Tell Openssl a Session_ID_Context.
> >> }
> >>{ Openssl uses this data to tag a session before it's cached.
> >> }
> >>{ It's an arbitrary custom string
> >> }
> >>SessionIDContext := Ssl_Session_ID_Context;
> >> end;
> >>
> >>
> >> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> >> * * * *}
> >> procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
> >>Sender : TObject;
> >>var SslSession : Pointer;
> >>SessId : Pointer;
> >>Idlen : Integer;
> >>var IncRefCount : Boolean);
> >> var
> >>LookupKey : string;
> >> begin
> >>SetLength(LookupKey, IDLen);
> >>Move(SessId^, Pointer(LookupKey)^, IDLen);
> >>SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
> >>
> >>
> >> Ssl_Session_ID_Context, IncRefCount);
> >> end;
> >>
> >>
> >> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> >> * * * *}
> >> procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
> >>Sender : TObject;
> >>SslSession,
> >>SessId : Pointer;
> >>Idlen : Integer;
> >>var AddToInternalCache : Boolean);
> >> var
> >>LookupKey : string;
> >> begin
> >>SetLength(LookupKey, IDLen);
> >>Move(SessId^, Pointer(LookupKey)^, IDLen);
> >>SslAvlSessionCache1.CacheSvrSession(SslSession,
> >>LookupKey +
> >>Ssl_Session_ID_Context,
> >>AddToInternalCache); if DisplaySslInfoCheckBox.Checked then
> >>Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
> >>TWSocket(Sender).GetPeerAddr + '] New SSL session
> >> created and ' +
> >>'cached in external cache class.');
> >> end;
> >>
> >>
> >> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> >> * * * *}
> >>
> >> --
> >> Arno Garrels
> >>
> >> --
> >> To unsubscribe or change your settings for TWSocket mailing list
> >> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> >> Visit our website at http://www.overbyte.be
> >>
> >
> >
> >
> > --
> > Gorkem Ates
> > Fastream Technologies
> > Software IQ: Innovation & Quality
> > www.fastream.com | Email: supp...@fastream.com | Tel:
> > +90-312-223-2830 | MSN: g_a...@hotmail.com
> > Join IQWF Server Yahoo group at
> > http://groups.yahoo.com/group/IQWFServer Join IQ Reverse Proxy Yahoo
> > group at http://groups.yahoo.com/group/IQReverseProxy
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
Gorkem Ates
Fastream Technologies
Software IQ: Innovation & Quality
www.fastream.com | Email: supp...@fastream.com | Tel: +90-312-223-2830 |
MSN: g_a...@hotmail.com
Join IQWF Server Yahoo group at http://groups.yahoo.com/group/IQWFServer
Join IQ Reverse Proxy Yahoo group at
http://groups.yahoo.com/group/IQReverseProxy
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Fastream Technologies wrote:
> Where is Ssl_Session_ID_Context defined in ICSv6?? Can't find it!
It is an arbitrary custom string defined as a const in demo.
You can have multiple of those strings associated with different
resources.
--
Arno Garrels
>
> On Mon, Feb 16, 2009 at 12:57 PM, Arno Garrels
> wrote:
>
>> You have to use FMyExternalSslSessionCache->GetSvrSession() and
>> FMyExternalSslSessionCache->CacheSvrSession()!
>> It is also required to set the SslContest.SslSessionCacheModes
>> properly:
>>
>> [sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
>>
>> Delphi code:
>>
>> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>> * * * *}
>> procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
>>Sender : TObject;
>>var SessionIDContext : String);
>> begin
>>{ Tell Openssl a Session_ID_Context.
>> }
>>{ Openssl uses this data to tag a session before it's cached.
>> }
>>{ It's an arbitrary custom string
>> }
>>SessionIDContext := Ssl_Session_ID_Context;
>> end;
>>
>>
>> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>> * * * *}
>> procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
>>Sender : TObject;
>>var SslSession : Pointer;
>>SessId : Pointer;
>>Idlen : Integer;
>>var IncRefCount : Boolean);
>> var
>>LookupKey : string;
>> begin
>>SetLength(LookupKey, IDLen);
>>Move(SessId^, Pointer(LookupKey)^, IDLen);
>>SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
>>
>>
>> Ssl_Session_ID_Context, IncRefCount);
>> end;
>>
>>
>> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>> * * * *}
>> procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
>>Sender : TObject;
>>SslSession,
>>SessId : Pointer;
>>Idlen : Integer;
>>var AddToInternalCache : Boolean);
>> var
>>LookupKey : string;
>> begin
>>SetLength(LookupKey, IDLen);
>>Move(SessId^, Pointer(LookupKey)^, IDLen);
>>SslAvlSessionCache1.CacheSvrSession(SslSession,
>>LookupKey +
>>Ssl_Session_ID_Context,
>>AddToInternalCache); if DisplaySslInfoCheckBox.Checked then
>>Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
>>TWSocket(Sender).GetPeerAddr + '] New SSL session
>> created and ' +
>>'cached in external cache class.');
>> end;
>>
>>
>> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>> * * * *}
>>
>> --
>> Arno Garrels
>>
>> --
>> To unsubscribe or change your settings for TWSocket mailing list
>> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
>> Visit our website at http://www.overbyte.be
>>
>
>
>
> --
> Gorkem Ates
> Fastream Technologies
> Software IQ: Innovation & Quality
> www.fastream.com | Email: supp...@fastream.com | Tel:
> +90-312-223-2830 | MSN: g_a...@hotmail.com
> Join IQWF Server Yahoo group at
> http://groups.yahoo.com/group/IQWFServer Join IQ Reverse Proxy Yahoo
> group at http://groups.yahoo.com/group/IQReverseProxy
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Where is Ssl_Session_ID_Context defined in ICSv6?? Can't find it!
On Mon, Feb 16, 2009 at 12:57 PM, Arno Garrels wrote:
> You have to use FMyExternalSslSessionCache->GetSvrSession() and
> FMyExternalSslSessionCache->CacheSvrSession()!
> It is also required to set the SslContest.SslSessionCacheModes properly:
>
> [sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
>
> Delphi code:
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
> procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
>Sender : TObject;
>var SessionIDContext : String);
> begin
>{ Tell Openssl a Session_ID_Context.
> }
>{ Openssl uses this data to tag a session before it's cached.
> }
>{ It's an arbitrary custom string
> }
>SessionIDContext := Ssl_Session_ID_Context;
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
> procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
>Sender : TObject;
>var SslSession : Pointer;
>SessId : Pointer;
>Idlen : Integer;
>var IncRefCount : Boolean);
> var
>LookupKey : string;
> begin
>SetLength(LookupKey, IDLen);
>Move(SessId^, Pointer(LookupKey)^, IDLen);
>SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
> Ssl_Session_ID_Context,
> IncRefCount);
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
> procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
>Sender : TObject;
>SslSession,
>SessId : Pointer;
>Idlen : Integer;
>var AddToInternalCache : Boolean);
> var
>LookupKey : string;
> begin
>SetLength(LookupKey, IDLen);
>Move(SessId^, Pointer(LookupKey)^, IDLen);
>SslAvlSessionCache1.CacheSvrSession(SslSession,
>LookupKey + Ssl_Session_ID_Context,
>AddToInternalCache);
>if DisplaySslInfoCheckBox.Checked then
>Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
>TWSocket(Sender).GetPeerAddr + '] New SSL session created
> and ' +
>'cached in external cache class.');
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
>
> --
> Arno Garrels
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
Gorkem Ates
Fastream Technologies
Software IQ: Innovation & Quality
www.fastream.com | Email: supp...@fastream.com | Tel: +90-312-223-2830 |
MSN: g_a...@hotmail.com
Join IQWF Server Yahoo group at http://groups.yahoo.com/group/IQWFServer
Join IQ Reverse Proxy Yahoo group at
http://groups.yahoo.com/group/IQReverseProxy
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Thanks. It would be nicer if you provided C++ code though! Will try this
ASAP and let you know.
On Mon, Feb 16, 2009 at 12:57 PM, Arno Garrels wrote:
> You have to use FMyExternalSslSessionCache->GetSvrSession() and
> FMyExternalSslSessionCache->CacheSvrSession()!
> It is also required to set the SslContest.SslSessionCacheModes properly:
>
> [sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
>
> Delphi code:
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
> procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
>Sender : TObject;
>var SessionIDContext : String);
> begin
>{ Tell Openssl a Session_ID_Context.
> }
>{ Openssl uses this data to tag a session before it's cached.
> }
>{ It's an arbitrary custom string
> }
>SessionIDContext := Ssl_Session_ID_Context;
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
> procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
>Sender : TObject;
>var SslSession : Pointer;
>SessId : Pointer;
>Idlen : Integer;
>var IncRefCount : Boolean);
> var
>LookupKey : string;
> begin
>SetLength(LookupKey, IDLen);
>Move(SessId^, Pointer(LookupKey)^, IDLen);
>SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
> Ssl_Session_ID_Context,
> IncRefCount);
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
> procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
>Sender : TObject;
>SslSession,
>SessId : Pointer;
>Idlen : Integer;
>var AddToInternalCache : Boolean);
> var
>LookupKey : string;
> begin
>SetLength(LookupKey, IDLen);
>Move(SessId^, Pointer(LookupKey)^, IDLen);
>SslAvlSessionCache1.CacheSvrSession(SslSession,
>LookupKey + Ssl_Session_ID_Context,
>AddToInternalCache);
>if DisplaySslInfoCheckBox.Checked then
>Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
>TWSocket(Sender).GetPeerAddr + '] New SSL session created
> and ' +
>'cached in external cache class.');
> end;
>
>
> {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> *}
>
> --
> Arno Garrels
>
> --
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
You have to use FMyExternalSslSessionCache->GetSvrSession() and
FMyExternalSslSessionCache->CacheSvrSession()!
It is also required to set the SslContest.SslSessionCacheModes properly:
[sslSESS_CACHE_SERVER,sslSESS_CACHE_NO_INTERNAL_LOOKUP,sslSESS_CACHE_NO_INTERNAL_STORE]
Delphi code:
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
procedure TSslWebServForm.SslHttpServer1SslSetSessionIDContext(
Sender : TObject;
var SessionIDContext : String);
begin
{ Tell Openssl a Session_ID_Context.}
{ Openssl uses this data to tag a session before it's cached. }
{ It's an arbitrary custom string }
SessionIDContext := Ssl_Session_ID_Context;
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
procedure TSslWebServForm.SslHttpServer1SslSvrGetSession(
Sender : TObject;
var SslSession : Pointer;
SessId : Pointer;
Idlen : Integer;
var IncRefCount : Boolean);
var
LookupKey : string;
begin
SetLength(LookupKey, IDLen);
Move(SessId^, Pointer(LookupKey)^, IDLen);
SslSession := SslAvlSessionCache1.GetSvrSession(LookupKey +
Ssl_Session_ID_Context,
IncRefCount);
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
procedure TSslWebServForm.SslHttpServer1SslSvrNewSession(
Sender : TObject;
SslSession,
SessId : Pointer;
Idlen : Integer;
var AddToInternalCache : Boolean);
var
LookupKey : string;
begin
SetLength(LookupKey, IDLen);
Move(SessId^, Pointer(LookupKey)^, IDLen);
SslAvlSessionCache1.CacheSvrSession(SslSession,
LookupKey + Ssl_Session_ID_Context,
AddToInternalCache);
if DisplaySslInfoCheckBox.Checked then
Display('[' + FormatDateTime('HH:NN:SS', Now) + ' ' +
TWSocket(Sender).GetPeerAddr + '] New SSL session created and '
+
'cached in external cache class.');
end;
{* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *}
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Hello,
This is what is in the Httpstst example:
void __fastcall THttpTestForm::SslHttpCli1SslCliNewSession(TObject *Sender,
Pointer SslSession, bool WasReused, bool &IncRefCount)
{
TSslHttpCli* HttpCli;
// SslCliNewSession/SslCliGetSession allow external, client-side session
// caching.
if (!SessCacheCheckBox->Checked)
return;
HttpCli = (TSslHttpCli*)Sender;
if (!WasReused) {
FMyExternalSslSessionCache->CacheCliSession(SslSession,
HttpCli->CtrlSocket->PeerAddr +
HttpCli->CtrlSocket->PeerPort,
IncRefCount);
Display("! New SSL session");
}
else
Display("! SSL Session reused");
}
//---
void __fastcall THttpTestForm::SslHttpCli1SslCliGetSession(TObject *Sender,
Pointer &SslSession, bool &FreeSession)
{
TSslHttpCli* HttpCli;
// SslCliNewSession/SslCliGetSession allow external, client-side session
// caching.
if (!SessCacheCheckBox->Checked)
return;
HttpCli = (TSslHttpCli*)Sender;
SslSession = FMyExternalSslSessionCache->GetCliSession(
HttpCli->CtrlSocket->PeerAddr +
HttpCli->CtrlSocket->PeerPort,
FreeSession);
FreeSession = TRUE;
}
//---
Now the parameters changed in the server code! I found the signatures and
converted them to C++ but what's the equvalent of WasReused??
void __fastcall ReverseProxyThread::ReverseProxyNewSSLSession(TObject
*Sender, Pointer SslSession, Pointer SessId, int Idlen, bool
&AddToInternalCache)
{
THttpMTConnection* HttpCli;
// SslCliNewSession/SslCliGetSession allow external, client-side session
// caching.
HttpCli = (THttpMTConnection*)Sender;
if (!WasReused) {
FMyExternalSslSessionCache->CacheCliSession(SslSession,
HttpCli->PeerAddr +
HttpCli->PeerPort,
IncRefCount);
}
}
//---
void __fastcall ReverseProxyThread::ReverseProxyGetSSLSession(TObject
*Sender, Pointer &SslSession, Pointer SessId, int Idlen, bool &IncRefCount);
{
THttpMTConnection* HttpCli;
// SslCliNewSession/SslCliGetSession allow external, client-side session
// caching.
HttpCli = (THttpMTConnection*)Sender;
SslSession = FMyExternalSslSessionCache->GetCliSession(
HttpCli->PeerAddr +
HttpCli->PeerPort,
FreeSession);
FreeSession = TRUE;
}
//---
Could you help? Let me elaborate the problem: I believe there are two caches
and we do NOT want to use the "internal" one, right? Sorry but it is not as
clear you said...
Regards,
SZ
On Mon, Feb 16, 2009 at 10:44 AM, Arno Garrels wrote:
> Fastream Technologies wrote:
> > I got compiler errors when I last tried to integrate the avl cache!
> > Can you send me a C++ example?
>
> Look at the sample OverbyteIcsHttpsTst.cbproj in the ICS V7 SVN repository.
> Server-side caching just uses different events, their names are
> self-explanatory.
>
> --
> Arno Garrels
>
> >
> > Regards,
> >
> > SZ
> >
> > On Sun, Feb 15, 2009 at 7:50 PM, Arno Garrels
> > wrote:
> >
> >> Fastream Technologies wrote:
> >>
> >>> Currently I get 20 SSL TPS local-to-local. When keep-alive is
> >>> enabled, this goes up to 2000.
> >>
> >> Do you use a SSL session cache, either the built-in OpenSSl session
> >> cache or (IMHO faster) the ICS AVL session cache?
> >>
> >> --
> >> Arno Garrels
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Session Cache (was OpenSSL hardware accelerators)
Fastream Technologies wrote: > I got compiler errors when I last tried to integrate the avl cache! > Can you send me a C++ example? Look at the sample OverbyteIcsHttpsTst.cbproj in the ICS V7 SVN repository. Server-side caching just uses different events, their names are self-explanatory. -- Arno Garrels > > Regards, > > SZ > > On Sun, Feb 15, 2009 at 7:50 PM, Arno Garrels > wrote: > >> Fastream Technologies wrote: >> >>> Currently I get 20 SSL TPS local-to-local. When keep-alive is >>> enabled, this goes up to 2000. >> >> Do you use a SSL session cache, either the built-in OpenSSl session >> cache or (IMHO faster) the ICS AVL session cache? >> >> -- >> Arno Garrels >> -- -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
