On 2016-05-16, Paul Rubin <no.email@nospam.invalid> wrote:
> Grant Edwards <grant.b.edwa...@gmail.com> writes:
>> I've actually got plenty of RAM. I just can't afford the CPU time
>> it takes to do the public-key crypto stuff that happens each time
>> an SSL connection starts up.
>
> I think you should only have to do that once, then use TLS session
> resumption for additional connections.
Thanks, I'll look into that -- I've seen the term before, but that's
about it.
Is it something the server tells the client to do?
And more to the point, will all popular browsers do it?
> There is also something called TLS-PSK in TLS 1.3. Do you mind
> saying the application, and what clients you have to support?
The application is something proprietary running on proprietary
hardware (32-bit ARM processor running a typical RTOS and a
BSD-derived network stack). The web server is a heavily modified
version of GoAhead 2.something.
I have to support the usual suspect list of browsers: IE, Firefox,
Chrome, Safari.
> What TLS stack are you using?
It's not an open-source one. Beyond that, I can't really say.
> There is generally also a way to configure browsers to limit the
> number of outgoing connections.
I can't ask the browser user to change settings.
> I'll probably be meeting with some TLS experts tomorrow night for
> unrelated reasons, so I can ask them about this if you want.
--
Grant Edwards grant.b.edwards Yow! I want you to MEMORIZE
at the collected poems of
gmail.com EDNA ST VINCENT MILLAY
... BACKWARDS!!
--
https://mail.python.org/mailman/listinfo/python-list
