On 2009-10-22 05:50 PDT, Ambroz Bizjak wrote:
> Hi,
> I'm using NSS in non-blocking mode. To perform a handshake on an SSL
> socket, I use SSL_ForceHandshake (if it returns PR_WOULD_BLOCK_ERROR I
> retry when the SSL socket becomes readable). It works, but I've
> noticed that SSL_ForceHandshake sometimes takes a long time to return
> (around 100 ms). I suppose this is because of all the computations
> involved. 

What kind of system?  What CPU? What clock speed?  What memory speed?

Are you doing client authentication with a client certificate?
Are you using Diffie-Hellman Ephemeral cipher suites?
100ms is indeed a long time if you're not.

Could your system actually be doing the socket IO on that thread?
Does it use the CPU to do the actual network IO?
What is the speed of your network link?

> As my program is single-threaded (built on a reactor), 

A reactor?  What's that?  (nuclear? :)

> it cannot respond to anything else while in a long SSL_ForceHandshake
> call, which causes latency problems with other I/O my program does.
> Is it possible to forbid SSL_ForceHandshake from doing any excessive
> computation, and to allow me to perform computations in a different
> thread, then call SSL_ForceHandshake again from the main thread when
> the computation is complete?

No, not with NSS as it exists today.

> It would theoretically be possible to call SSL_ForceHandshake in a
> different thread altogether, but this would be hard and non-optimal in
> my case.
> 
> Thank you for your help,
> Ambroz Bizjak

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
