[Python-Dev] TLS handshake performance boost

Christian Heimes christian at python.org
Mon Sep 5 15:57:24 EDT 2016


Hi,

I have yet another patch for the ssl module,
http://bugs.python.org/issue19500 . The patch adds support for SSL
session resumption on the client side. An SSLContext automatically
handles server-side sessions. SSL sessions speed up successive TLS
connections to the same host considerably. My naïve benchmark shows
about 15 to 20% performance improvements for short-lived connections to
PyPI. In real-life applications with keep-alive, the speed-up will be a
bit smaller. Cory expects that requests is going to be about 5% faster
for subsequent requests.
https://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
has more information on the topic.

Why is session handling different on the client side? OpenSSL does not
re-use sessions on the client side automatically. To use session
resumption, an SSL_SESSION must be copied from an established SSLSocket
to a new SSLSocket before the handshake. OpenSSL has further
restrictions, e.g. both sockets must use the same SSLContext. Sessions
cannot be shared between SSLContexts.

My patch takes care of these details. The basic features are pretty much
done and tested. But I won't be able to write all documentation by the
end of the week or to write a high-level mechanism to auto-reuse
sessions. I would still like to get the feature in before Monday.

What do you think? Are you fine with a low-level session feature and
reduced documentation for the beta release?

Christian
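
The client-side flow described in the message, as an added example that is not part of the original post or the patch: it uses the `session` and `session_reused` attributes of the `ssl` module (Python 3.6+) against a local test server. It assumes the `openssl` CLI is installed to mint a throwaway localhost certificate; the helper names `make_cert`, `serve`, `connect` and `demo` are hypothetical.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_cert(tmp):
    # Throwaway self-signed cert for "localhost"; assumes the openssl CLI is installed.
    crt, key = os.path.join(tmp, "crt.pem"), os.path.join(tmp, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def serve(ctx, listener, count):
    for _ in range(count):  # local echo server: one TLS handshake per connection
        conn, _ = listener.accept()
        with ctx.wrap_socket(conn, server_side=True) as tls:
            tls.sendall(tls.recv(4))

def connect(ctx, port, session=None):
    # session=None means a full handshake; a saved session asks for resumption.
    with socket.create_connection(("127.0.0.1", port)) as raw:
        with ctx.wrap_socket(raw, server_hostname="localhost", session=session) as tls:
            tls.sendall(b"ping")
            tls.recv(4)
            return tls.session, tls.session_reused

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        crt, key = make_cert(tmp)
        server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server.load_cert_chain(crt, key)
        client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
        client.load_verify_locations(crt)
    # Pin TLS 1.2 so the session is complete as soon as the handshake returns.
    client.maximum_version = ssl.TLSVersion.TLSv1_2
    other = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)       # a second, unrelated context
    with socket.create_server(("127.0.0.1", 0)) as listener:
        worker = threading.Thread(target=serve, args=(server, listener, 2), daemon=True)
        worker.start()
        port = listener.getsockname()[1]
        session, first = connect(client, port)            # full handshake
        _, second = connect(client, port, session)        # same context: resumed
        worker.join(5)
    try:  # A session is bound to the SSLContext that created it.
        other.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
                       server_hostname="localhost", session=session)
    except ValueError:
        return first, second, True
    return first, second, False

if __name__ == "__main__":
    print(demo())  # (reused on 1st connect, reused on 2nd, cross-context rejected)
```

Resumption skips certificate verification on the resumed handshake, so a cached session should only be reused for the same peer and with the same verification settings it was established under.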


