Greetings. The first SSL connection in my application was taking some 10 to 16 seconds to return. Thereafter, subsequent SSL connections would complete and return immediately.

I eventually traced the culprit to RAND_poll() in rand_win.c. Specifically, it was the part of RAND_poll() that walks through the list of allocated blocks on the heap(s); this heap walk was consuming almost all of those 16 seconds. I do have a large application, and there were no doubt several heaps, each with many allocated blocks.

I see that there was code in place to limit the number of blocks traversed per heap to 50, but there was no limit on the number of separate heaps that may be traversed. In fact, it was visiting some 500 blocks total in my case. (The limit of 50 blocks per heap was as of version 0.9.6d. I note that by 0.9.7-beta3 someone has upped that limit to 80, worsening my problem.)

Is it really necessary to visit so many blocks? I put in a quick hack to apply the 50-block limit to the total number of blocks, rather than per heap; this makes it take maybe 2 to 3 seconds instead, which is still pretty slow but at least it's tolerable. (Apparently the heap-walking routines in Win2000 are quite slow.)

I am concerned that someone recently felt the need to raise the count to 80, however. What effect will capping this number have on the security of my transactions? Perhaps the limit was originally meant to apply to the total number anyway, and this was just an oversight? It doesn't make a whole lot of sense to limit the number of blocks visited per heap, without also limiting the number of heaps.

Do you have any advice?

Many thanks,
David

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
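
The difference between a per-heap cap and a total cap, shown as an added example that is not code from the original post or from OpenSSL: a portable C model of a bounded heap walk. The heap layout, the 32 ms cost per block and all names are constructed assumptions, and the wall-clock budget is an extra bound the post does not mention.

```c
#include <stddef.h>
#include <stdio.h>

/* Limits for one walk; 0 means "no limit". All names here are hypothetical. */
struct walk_limits {
    size_t per_heap;       /* blocks sampled per heap (the existing cap) */
    size_t total;          /* blocks sampled across all heaps (the quick hack) */
    unsigned long max_ms;  /* wall-clock budget (extra bound, not in the post) */
};

struct walk_result { size_t blocks, heaps; unsigned long ms; };

/* Constructed process: 10 heaps of 200 allocated blocks each. */
const size_t sample_heaps[10] = {200, 200, 200, 200, 200, 200, 200, 200, 200, 200};

/* heap_sizes[i] is the block count of heap i; each block visit costs
 * ms_per_block, standing in for one slow heap-walk call. */
struct walk_result bounded_walk(const size_t *heap_sizes, size_t nheaps,
                                unsigned long ms_per_block, struct walk_limits lim)
{
    struct walk_result r = {0, 0, 0};
    for (size_t h = 0; h < nheaps; h++) {
        if ((lim.total && r.blocks >= lim.total) ||
            (lim.max_ms && r.ms >= lim.max_ms))
            break;                      /* global bounds end the heap loop too */
        r.heaps++;
        for (size_t b = 0; b < heap_sizes[h]; b++) {
            if (lim.per_heap && b >= lim.per_heap) break;   /* next heap */
            if (lim.total && r.blocks >= lim.total) break;
            if (lim.max_ms && r.ms >= lim.max_ms) break;
            /* a real collector would pass the block record to the RNG here */
            r.blocks++;
            r.ms += ms_per_block;
        }
    }
    return r;
}

int main(void)
{
    struct walk_limits cases[3] = {{50, 0, 0}, {50, 50, 0}, {50, 0, 1000}};
    for (int i = 0; i < 3; i++) {
        struct walk_result r = bounded_walk(sample_heaps, 10, 32, cases[i]);
        printf("case %d: %zu blocks, %zu heaps, %lu ms\n", i, r.blocks, r.heaps, r.ms);
    }
    return 0;
}
```

With only the per-heap cap, the work grows with the number of heaps; either global bound keeps it fixed regardless of how many heaps the process has.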