[Mono-bugs] [Bug 80946][Wis] Changed - Slow SSL Performance with Mono.Security and Novell LDAP library for C#
bugzilla-daemon at bugzilla.ximian.com
Fri Feb 23 12:35:21 EST 2007
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by sebastien at ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=80946
--- shadow/80946 2007-02-23 10:55:39.000000000 -0500
+++ shadow/80946.tmp.12306 2007-02-23 12:35:21.000000000 -0500
@@ -1,14 +1,14 @@
Bug#: 80946
Product: Mono: Class Libraries
Version: 1.1
-OS:
+OS: unknown
OS Details: Windows Server 2003 R2
Status: NEW
Resolution:
-Severity:
+Severity: Unknown
Priority: Wishlist
Component: Mono.Security
AssignedTo: sebastien at ximian.com
ReportedBy: jtepera at hearstsc.com
QAContact: mono-bugs at ximian.com
TargetMilestone: ---
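Review bot: The new "OS: unknown" value contradicts the unchanged "OS Details: Windows Server 2003 R2" line directly below it, so the structured field should carry the Windows value rather than a placeholder. "Severity: Unknown" is likewise a placeholder on a report whose Priority is already Wishlist; a severity that matches an enhancement request would keep the two fields consistent.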
@@ -50,6 +50,35 @@
Fast, consistent response times when authenticating via LDAP using SSL.
How often does this happen?
Very often.
Additional Information:
+
+------- Additional Comments From sebastien at ximian.com 2007-02-23 12:35 -------
+Establishing an SSL/TLS connection is expensive. The main reason is
+the key exchange, which involves a RSA computation, required in the
+handshake. The required time is a function of the key length.
+
+The time inconsistence is due to an optimization. The SSL/TLS
+protocols (and Mono.Security.dll) supports reusing session security
+parameters. In this case the server can accept (or refuse) to reuse a
+previous handshake (which means a complete handshake was previously
+done) result and the client can take a shortcut around the (expansive)
+RSA computation.
+
+So the only way to "fix" the time inconsistence would be to remove the
+optimization, resulting in every case to be slow. In this case
+inconsistant times are good and not the sign of a problem.
+
+As for the slow performance issue you need to be aware that, by
+design, Mono.Security.dll is a completely managed assembly. This has a
+lot of advantages (like portability) but "ultimate speed" isn't one of
+them. Most toolkits use assembly code to handcode critical parts of
+the big integer operations required for RSA computations.
+
+Things will improve with time (e.g. JIT optimizations, better
+algorithms) but Mono.Security.dll can't (and won't ever) perform like
+hand-tuned CPU specific code to handle RSA.
+
+I'm keeping this open, as an enhancement request, and will add
+comments whenever some optimizations/changes affects SSL/TLS speed.
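Review bot: The second paragraph of the added comment attributes the inconsistent times to session reuse but gives the reporter no way to confirm it, since it does not say how to tell whether a given connection did a full handshake or reused a previous one. Adding a sentence on how to check that would let the reporter verify that the slow cases are the full handshakes. The first paragraph also says the cost is a function of key length without asking for the server's RSA key length, which would be needed to judge whether the slow case is within expectations. Minor wording: "expansive" in "(expansive) RSA computation" reads as a typo for "expensive", and "inconsistence" / "inconsistant" should be "inconsistency" / "inconsistent".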