[Mono-bugs] [Bug 80946][Wis] Changed - Slow SSL Performance with Mono.Security and Novell LDAP library for C#

bugzilla-daemon at bugzilla.ximian.com
Fri Feb 23 12:35:21 EST 2007


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=80946

--- shadow/80946	2007-02-23 10:55:39.000000000 -0500
+++ shadow/80946.tmp.12306	2007-02-23 12:35:21.000000000 -0500
@@ -1,14 +1,14 @@
 Bug#: 80946
 Product: Mono: Class Libraries
 Version: 1.1
-OS: 
+OS: unknown
 OS Details: Windows Server 2003 R2
 Status: NEW   
 Resolution: 
-Severity: 
+Severity: Unknown
 Priority: Wishlist
 Component: Mono.Security
 AssignedTo: sebastien at ximian.com                            
 ReportedBy: jtepera at hearstsc.com               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
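
Review bot: The new "OS: unknown" value contradicts the unchanged "OS Details: Windows Server 2003 R2" line directly below it, so the record now says the platform is both unknown and known; set OS to the value that matches the details field. The new "Severity: Unknown" is also capitalised differently from "OS: unknown", and since the entry is filed at Wishlist priority, a concrete severity would be more useful for triage than a placeholder.
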
@@ -50,6 +50,35 @@
 Fast, consistent response times when authenticating via LDAP using SSL.
 
 How often does this happen? 
 Very often.
 
 Additional Information:
+
+------- Additional Comments From sebastien at ximian.com  2007-02-23 12:35 -------
+Establishing an SSL/TLS connection is expensive. The main reason is
+the key exchange, which involves a RSA computation, required in the
+handshake. The required time is a function of the key length.
+
+The time inconsistence is due to an optimization. The SSL/TLS
+protocols (and Mono.Security.dll) supports reusing session security
+parameters. In this case the server can accept (or refuse) to reuse a
+previous handshake (which means a complete handshake was previously
+done) result and the client can take a shortcut around the (expansive)
+RSA computation.
+
+So the only way to "fix" the time inconsistence would be to remove the
+optimization, resulting in every case to be slow. In this case
+inconsistant times are good and not the sign of a problem.
+
+As for the slow performance issue you need to be aware that, by
+design, Mono.Security.dll is a completely managed assembly. This has a
+lot of advantages (like portability) but "ultimate speed" isn't one of
+them. Most toolkits use assembly code to handcode critical parts of
+the big integer operations required for RSA computations. 
+
+Things will improve with time (e.g. JIT optimizations, better
+algorithms) but Mono.Security.dll can't (and won't ever) perform like
+hand-tuned CPU specific code to handle RSA.
+
+I'm keeping this open, as an enhancement request, and will add
+comments whenever some optimizations/changes affects SSL/TLS speed.
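
Review bot: The first paragraph of the added comment says the handshake time is a function of the key length, but nothing in the record states the key size of the LDAP server's certificate, so the reporter cannot judge how much of the delay this explains. Ask for the key length, and for whether the slow authentications coincide with complete handshakes and the fast ones with reused sessions, so the explanation in the second paragraph can be confirmed against the reporter's timings. The comment also ends without a next step for the reporter: since it states that a reused session lets the client skip the RSA computation, it could say so explicitly as the way to stay on the fast path.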
