[Mono-dev] SSL Channel implementation and SslServerStream

[pablosantosluac]

Hi Sebastien,


> Converting the certificate between the minimal MS X509Certificate and
> the Mono.Security X509Certificate is a very simple process. This could
> be cached but this, alone, won't influence much performance.

Well, actually caching the line I mentioned (I've already tried with the 
same sample I sent to the list last week, creating about 300 connections), 
increases performance about 50%, but yes, when connections are started from 
the same client.

> The key exchange does an expensive RSA operation, but it cannot be
> cached in ServerContext.

Yes, I've seen that too. I guess this is the other line I pointed.

> Now what *could* help is implementing a session cache in the
> server[1][2]. However this helps only caching a session between the
> server and a single client - you cannot share a session between multiple
> clients.

Right, this is more or less what I said, isn't it? I mean, caching somehow 
the initial RSA calculation done in the X509Certificate.

> That being said the server code won't scale to support, efficiently, 350
> sessions. If you need high performance SSL code don't look at a managed
> implementation (and IMO consider hardware acceleration).

Well, that's an interesting answer. Do you mean it is better to implement a 
high-perf server on C than Mono/C#? Or do you just talk about implementing a 
whole SSL channel in C? If so, how? Could you point any samples? I'm not 
familiar with SSL, which hw acceleration would do it better?

Thanks,

pablo