On May 7, 2006, at 8:03 AM, Marco Rossi wrote:
Dear all,

I'm working with an XML messaging protocol where messages are exchanged by means of SSL connections. The client needs to open/close a new connection for every message to send (the server adopts this policy and it is not possible to change it), so I was trying to understand a little more on BIO_do_connect.

In the past, I used to "sleep(2)" on BIO_do_connect to wait for the SSL handshake to be performed; here is a snippet of code:

    // CTX settings (keys, cert, ...)
    BIO_get_ssl(out, &ssl);
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
    BIO_set_nbio(out, 1);
    if (BIO_do_connect(out) <= 0) {
        sleep(2);
    }

However, I noticed "sleep(2)" slows down my client application. I got better times if I don't use sleep and I go directly to use BIO_read and BIO_write, and wait for the BIO to be ready using the int values returned by these functions and the related macro BIO_should_read ...

    bytesRead = BIO_read(out, buf, sizeof(buf));
    while ((!(bytesRead == 0)) && (count < NTRIES)) {
        if (bytesRead < 0) {
            if (BIO_should_read(out) || BIO_should_retry(out))

This works almost fine with SSLv3, but if I try to use TLS 1 (the server supports both) I receive too many connection errors. Checking what is happening with ssldump, I see the handshake hangs on ClientKeyExchange, when the master key should already be agreed.

    ssldump -q
    6 1  0.1293 (0.1293)  C>S  SSLv2 compatible client hello
    6 2  0.2623 (0.1329)  S>C  Handshake
          ServerHello
    6 3  0.6656 (0.4032)  S>C  Handshake
          Certificate
          ServerKeyExchange
          CertificateRequest
            certificate_authority
            certificate_authority
          ServerHelloDone
    6 4  0.6945 (0.0289)  C>S  Handshake
          Certificate
    6 5  0.8243 (0.1298)  C>S  Handshake
          ClientKeyExchange

How could I improve and possibly speed up SSL connection time in a correct manner?

Thanks,
Marco Rossi

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
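
The wait-for-readiness approach the message asks about, as an added example that is not part of the original post or of OpenSSL: it uses Python's ssl module (a wrapper over OpenSSL), where SSLWantReadError and SSLWantWriteError play the role of BIO_should_read and BIO_should_write, and it replaces the fixed sleep with select() against a deadline. The function names, the host name and the silent-peer socket pair are constructed for the illustration.

```python
import select
import socket
import ssl
import time


def handshake_with_deadline(sock, context, server_hostname, timeout=5.0):
    """Drive a non-blocking TLS handshake on an already connected socket.

    Instead of sleeping for a fixed time, wait only until the socket is
    ready in the direction the TLS layer asks for, and give up at a deadline.
    """
    sock.setblocking(False)
    tls = context.wrap_socket(sock, server_hostname=server_hostname,
                              do_handshake_on_connect=False)
    deadline = time.monotonic() + timeout
    while True:
        try:
            tls.do_handshake()          # returns once the handshake is done
            return tls
        except ssl.SSLWantReadError:    # TLS layer needs bytes from the peer
            readers, writers = [tls], []
        except ssl.SSLWantWriteError:   # TLS layer has bytes it could not send
            readers, writers = [], [tls]
        remaining = deadline - time.monotonic()
        ready = remaining > 0 and any(select.select(readers, writers, [], remaining))
        if not ready:
            tls.close()
            raise TimeoutError("TLS handshake did not complete before the deadline")


def demo_silent_peer(timeout=0.3):
    """Constructed case: a local socket pair whose far end never answers,
    standing in for a handshake that stalls part-way through."""
    client, peer = socket.socketpair()
    context = ssl.create_default_context()
    try:
        handshake_with_deadline(client, context, "server.example", timeout)
        timed_out = False
    except TimeoutError:
        timed_out = True
    header = peer.recv(5)               # TLS record header of the ClientHello
    peer.close()
    return timed_out, header


if __name__ == "__main__":
    print(demo_silent_peer())
```

A stalled handshake then surfaces as a bounded TimeoutError at connect time rather than as read errors later in the exchange.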