On 2016-05-16, Paul Rubin <no.email@nospam.invalid> wrote:
> Grant Edwards <grant.b.edwa...@gmail.com> writes:
>> I've actually got plenty of RAM. I just can't afford the CPU time
>> it takes to do the public-key crypto stuff that happens each time
>> an SSL connection starts up.
>
> I think you should only have to do that once, then use TLS session
> resumption for additional connections.

Thanks, I'll look into that -- I've seen the term before, but that's about it. Is it something the server tells the client to do? And more to the point, will all popular browsers do it?

> There is also something called TLS-PSK in TLS 1.3. Do you mind
> saying the application, and what clients you have to support?

The application is something proprietary running on proprietary hardware (32-bit ARM processor running a typical RTOS and a BSD-derived network stack). The web server is a heavily modified version of GoAhead 2.something. I have to support the usual suspect list of browsers: IE, Firefox, Chrome, Safari.

> What TLS stack are you using?

It's not an open-source one. Beyond that, I can't really say.

> There is generally also a way to configure browsers to limit the
> number of outgoing connections.

I can't ask the browser user to change settings.

> I'll probably be meeting with some TLS experts tomorrow night for
> unrelated reasons, so I can ask them about this if you want.

--
Grant Edwards   grant.b.edwards at gmail.com
Yow! I want you to MEMORIZE the collected poems of EDNA ST VINCENT MILLAY ... BACKWARDS!!

--
https://mail.python.org/mailman/listinfo/python-list