On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote:
> On Mon, Aug 30, 2010 at 8:12 AM, Brian Smith <br...@briansmith.org> wrote:
>> Wan-Teh Chang wrote:
>>> I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13).

The entire "gather" logic, by which incoming records are received,
could be simplified enormously, and made much more efficient, once SSL
2.0 support is removed.

The existing "gather" logic seems to have been written by someone who
feared that he might ever read a byte out of a socket that he could not
immediately use, and that he would then need to buffer for some time, as
if that was some sort of onerous burden.  This led to code that does
lots and lots of tiny little reads into a buffer.

I would rewrite it to allocate a buffer large enough to hold a maximum
possible size SSL3.x record, and then would always attempt to read in
enough data to fill that buffer in a single read.

It's something I wanted to do for YEARS, but for as long as I was
employed to work on NSS, I was told that continued support for SSL2 was
an ongoing business requirement.  I am sad that the opportunity to make
those simplifications did not come along until it was too late for me.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
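
The single-large-read approach described in the message above can be sketched as follows. This is an added example, not part of the original message and not NSS code: `gather_t` and `gather_next` are hypothetical names, the buffer size assumes the 5-byte SSL 3.x record header plus the protocol's 2^14 + 2048 byte ceiling on a ciphertext fragment, and a blocking descriptor is assumed.

```c
/* Added example, not NSS code; names are hypothetical; blocking fd assumed. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REC_HDR      5               /* type(1) version(2) length(2) */
#define MAX_FRAGMENT (16384 + 2048)  /* largest SSL 3.x ciphertext fragment */
#define GATHER_BUF   (REC_HDR + MAX_FRAGMENT)
typedef struct {
    unsigned char buf[GATHER_BUF];
    size_t start, end;               /* unconsumed bytes: buf[start, end) */
    unsigned reads;                  /* read() calls made so far */
} gather_t;

/* Returns 1 with *rec and *len describing one whole record (valid until the
 * next call), 0 on clean EOF, -1 on error, truncation or oversized length. */
int gather_next(gather_t *g, int fd, const unsigned char **rec, size_t *len)
{
    for (;;) {
        size_t have = g->end - g->start;
        if (have >= REC_HDR) {
            const unsigned char *h = g->buf + g->start;
            size_t frag = ((size_t)h[3] << 8) | h[4];
            if (frag > MAX_FRAGMENT) return -1;  /* reject before buffering */
            if (have >= REC_HDR + frag) {        /* already buffered: no I/O */
                *rec = h; *len = REC_HDR + frag; g->start += *len;
                return 1;
            }
        }
        /* Slide the partial record to the front, then fill the free space. */
        memmove(g->buf, g->buf + g->start, have);
        g->start = 0; g->end = have;
        ssize_t n = read(fd, g->buf + g->end, GATHER_BUF - g->end);
        g->reads++;
        if (n <= 0) return (n == 0 && have == 0) ? 0 : -1;
        g->end += (size_t)n;
    }
}

int main(void)
{   /* Constructed input: two small records delivered by a single write. */
    static const unsigned char two[] = {22,3,1,0,3,'a','b','c', 23,3,1,0,2,'x','y'};
    static gather_t g; const unsigned char *rec; size_t len; int p[2];
    if (pipe(p) || write(p[1], two, sizeof two) < 0) return 1;
    close(p[1]);
    while (gather_next(&g, p[0], &rec, &len) == 1)
        printf("type %d: %zu bytes, %u read() calls so far\n", rec[0], len, g.reads);
    return 0;
}
```

Both records come out of one `read()` call, and the length field is checked against the ceiling before any further bytes are buffered for that record.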