Message 100777 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	jcea
Recipients	jcea
Date	2010-03-10.01:20:49
SpamBayes Score	4.538525e-05
Marked as misclassified	No
Message-id	<1268184052.67.0.269640299758.issue8106@psf.upfronthosting.co.za>
In-reply-to

Content
Current SSL module doesn't manage SSL sessions, so any connection must do the full SSL handshake. SSL/TLS support session restarting, when an old SSL context is used in a new connection, so you don't need to do the full SSL handshake. This is a huge performance improvement. I think SSL module should keep a small pool of sessions in core, to reuse. Better yet: a) In SSL sockets, a method should be added to get the SSL context. b) When creating a SSL socket, in client mode, a new optional parameter should be accepted, for a SSL context. c) When creating a SSL socket, in server mode, we have two options: a) provide a dictionary or similar, with different contexts for possible clients connections or, better b) provide a callback the SSL module will call when getting an incoming connection, with a session ID as a parameter. The callback can provide a session SSL state or "None". This second approach allow for session management, like expiration or persistence to disk. (the second option is equivalent to the first if the dict-like object includes this logic inside) What do you think?.

Current SSL module doesn't manage SSL sessions, so any connection must do the full SSL handshake.

SSL/TLS support session restarting, when an old SSL context is used in a new connection, so you don't need to do the full SSL handshake.

This is a huge performance improvement.

I think SSL module should keep a small pool of sessions in core, to reuse. Better yet:

a) In SSL sockets, a method should be added to get the SSL context.

b) When creating a SSL socket, in client mode, a new optional parameter should be accepted, for a SSL context.

c) When creating a SSL socket, in server mode, we have two options: a) provide a dictionary or similar, with different contexts for possible clients connections or, better b) provide a callback the SSL module will call when getting an incoming connection, with a session ID as a parameter. The callback can provide a session SSL state or "None". This second approach allow for session management, like expiration or persistence to disk.

(the second option is equivalent to the first if the dict-like object includes this logic inside)

What do you think?.

History
Date	User	Action	Args
2010-03-10 01:20:52	jcea	set	recipients: + jcea
2010-03-10 01:20:52	jcea	set	messageid: <1268184052.67.0.269640299758.issue8106@psf.upfronthosting.co.za>
2010-03-10 01:20:51	jcea	link	issue8106 messages
2010-03-10 01:20:49	jcea	create