Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
687343002:
Tune two SSL Server Socket parameters. (Closed)
|
Created:
6 years, 1 month ago by GusFernandez Modified:
6 years, 1 month ago CC:
chromium-reviews, cbentzel+watch_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@master Project:
chromium Visibility:
Public. |
DescriptionTune two SSL Server Socket parameters.
Reduce the maximum number of Session ID cache entries to save
memory but increase the session ID cache timeout to be useful.
BUG=426630
Committed: https://crrev.com/91f5db33db20e0aece28f0b66af0f6f53df5fd4c
Cr-Commit-Position: refs/heads/master@{#302373}
Patch Set 1 #
Messages
Total messages: 19 (6 generated)
gusfernandez@chromium.org changed reviewers: + davidben@chromium.org, dougsteed@chromium.org, lcwu@chromium.org, rsleevi@chromium.org
On 2014/10/29 20:37:34, gusfernandez wrote: > mailto:gusfernandez@chromium.org changed reviewers: > + mailto:davidben@chromium.org, mailto:dougsteed@chromium.org, mailto:lcwu@chromium.org, > mailto:rsleevi@chromium.org This is an alternative to https://codereview.chromium.org/679473002 as discussed previously.
An alternative approach to https://codereview.chromium.org/679473002/
rsleevi@chromium.org changed reviewers: + juberti@chromium.org, sergeyu@chromium.org
Adding Sergey (Remoting, p2p socket) and Justin (WebRTC) to comment on whether these numbers are acceptable for them. TL;DR: 64 TLS sessions cached max, process wide (if a client doesn't support TLS session tickets). Does this affect your APIs?
rsleevi@chromium.org changed reviewers: - sergeyu@chromium.org
rsleevi@chromium.org changed reviewers: + jamiewalch@chromium.org, mallinath@chromium.org
-Sergey (who is OOO) +jamie for the chromoting question +mallinath for the P2P sockets question
mallinath@chromium.org changed reviewers: + jiayl@chromium.org - mallinath@chromium.org
On 2014/10/29 20:56:47, Ryan Sleevi wrote: > -Sergey (who is OOO) > +jamie for the chromoting question > +mallinath for the P2P sockets question -mallinath, +jiayl for P2P socket
Remoting doesn't re-use SSL sessions, so I don't think this change affects us.
On 2014/10/30 17:43:39, mallinath2 wrote: > On 2014/10/29 20:56:47, Ryan Sleevi wrote: > > -Sergey (who is OOO) > > +jamie for the chromoting question > > +mallinath for the P2P sockets question > > -mallinath, +jiayl for P2P socket I don't find any p2p socket or webrtc code using these classes.
lgtm
On 2014/10/31 23:31:14, David Benjamin wrote: > lgtm According to the code in https://code.google.com/p/webrtc/source/browse/trunk/webrtc/base/nssstreamada..., we - disable caching - disable session tickets - use SSL_ConfigSecureServer and SSL_ImportFD to pass in our own 'socket' and configure SSL so while I'm not sure whether this change affects us, it's not going to make anything worse.
On 2014/10/31 23:42:10, juberti2 wrote: > On 2014/10/31 23:31:14, David Benjamin wrote: > > lgtm > > According to the code in > https://code.google.com/p/webrtc/source/browse/trunk/webrtc/base/nssstreamada..., > we > - disable caching > - disable session tickets > - use SSL_ConfigSecureServer and SSL_ImportFD to pass in our own 'socket' and > configure SSL > > so while I'm not sure whether this change affects us, it's not going to make > anything worse. Yeah, if anything, it'll probably make you use less memory. :-) But you don't seem to enable //net's SSL server socket, so I think it's a no-op. (Though, given that NSS's session cache seems to be made entirely of globals, I certainly hope none of these uses of NSS's server bits ever run in the same process...)
The CQ bit was checked by gusfernandez@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/687343002/1
Message was sent while issue was closed.
Committed patchset #1 (id:1)
Message was sent while issue was closed.
Patchset 1 (id:??) landed as https://crrev.com/91f5db33db20e0aece28f0b66af0f6f53df5fd4c Cr-Commit-Position: refs/heads/master@{#302373} |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
