On Wed, Dec 14, 2022 at 07:17:43PM -0500, Demi Marie Obenour wrote:

> > None have come up so far. So maybe it is safe to make it the default.
> > We know it works well for small messages, but I'd like to see
> > performance metrics for large email messages, because many connections
> > are handled by a smaller number of single-threaded tlsproxy
> > processes.
>
> Can these processes handle multiple connections concurrently in an
> event-driven manner?

Of course, but a single proxy process does not take advantage of
multiple CPUs, and the cryptographic processing, especially of the
initial handshake to set up a new TLS session, is serialised within
each process. This should not be a problem under realistic conditions.
Bulk encryption also adds some internal latency, but modern CPUs have
hardware accelerated AES that makes this latency largely insignificant
for SMTP.

-- 
    Viktor.