Viktor Dukhovni:
> On Wed, Dec 14, 2022 at 07:17:43PM -0500, Demi Marie Obenour wrote:
>
> > > None have come up so far. So maybe it is safe to make it the default.
> > > We know it works well for small messages, but I'd like to see
> > > performance metrics for large email messages, because many connections
> > > are handled by a smaller number of single-threaded tlsproxy
> > > processes.
> >
> > Can these processes handle multiple connections concurrently in an
> > event-driven manner?
>
> Of course, but a single proxy process does not take advantage of
> multiple CPUs, and the cryptographic processing, especially of the
> initial handshake to set up a new TLS session, is serialised within each
> process. This should not be a problem under realistic conditions.
>
> Bulk encryption also adds some internal latency, but modern CPUs have
> hardware accelerated AES that makes this latency largely insignificant
> for SMTP.

And by design, the number of tlsproxy processes increases as the
workload increases, so that multiple CPUs will be used if needed.

Wietse