Re: Caching TLS connections (XSTOPTLS)
Thu Jun 25 11:00:53 2009
On Thu, Jun 25, 2009 at 12:00:31PM -0400, Wietse Venema wrote:
> > I'd like to propose a Postfix-specific ESMTP feature that would
> > enable the caching of TLS connections by disabling crypto on
> > the session before putting it into the cache, and re-enabling
> > crypto right after.
> So, the use case is that a connection was used by process X, and
> reused by a different process Y.
> Can you quantify the gains, in terms of long-distance network
> roundtrips? Assuming that the DNS lookup is cached on-site, the
> gain would be the TCP-level handshake. What else?
Connection caching is not about saving round-trips, it is about
overcoming adverse (orders of magnitude higher) latency when
k of N MX hosts are down and non-responsive (30s timeout vs.
sub-second TCP 3-way handshake latency when the host is up).
Caching connections allows one to avoid new connection creation, which
involves unpredictable latency. The alternative could be a negative
cache for dead MX hosts with a life-time comparable to the connection
re-use time (300s).
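The latency argument above, as a runnable model: a dead, non-responsive MX host costs the 30 s connect timeout, a live one a sub-second TCP handshake, and both a cached connection and a negative entry live for the 300 s reuse time. This is an added example, not code from the thread or from Postfix. The host names, arrival times and the three strategy labels are constructed; the "negative_cache" strategy models the alternative the message sketches rather than an existing Postfix feature; and the closed-form expectation assumes the MTA tries the N hosts in uniformly random order.

```python
"""Latency model for SMTP delivery when k of N MX hosts are down.

Added example; it is not code from the mailing-list thread or from Postfix.
The 30 s connect timeout, sub-second TCP handshake and 300 s reuse window are
the figures quoted in the message; the host list, arrival times and strategy
names are constructed for illustration.
"""
from fractions import Fraction

CONNECT_TIMEOUT = 30.0   # seconds burnt on a dead, non-responsive MX host
HANDSHAKE = 0.2          # TCP 3-way handshake to a live host (sub-second)
REUSE_WINDOW = 300.0     # lifetime of a cached connection or a negative entry


def expected_fresh_connect_latency(n, k, timeout=CONNECT_TIMEOUT, handshake=HANDSHAKE):
    """Expected latency of one fresh connection, hosts tried in random order.

    Each of the k dead hosts precedes all n-k live hosts with probability
    1/(n-k+1), so by linearity of expectation k/(n-k+1) dead hosts are
    tried (and timed out) before the first live one answers.
    """
    if not 0 <= k < n:
        raise ValueError("need n > k >= 0: at least one live host")
    dead_tried = Fraction(k, n - k + 1)
    return float(dead_tried) * timeout + handshake


def simulate(arrivals, hosts, strategy):
    """Replay delivery attempts at the given times (seconds since start).

    hosts    : list of (name, is_up); tried in list order, so put dead hosts
               first to model the worst case (real MTAs shuffle equal MX).
    strategy : "none"             - fresh connection for every delivery
               "negative_cache"   - remember dead hosts for REUSE_WINDOW, skip them
               "connection_cache" - keep the live connection for REUSE_WINDOW
    Returns (per-delivery latencies, number of fresh connections made).
    """
    latencies = []
    fresh = 0
    dead_until = {}              # host name -> time its negative entry expires
    cached_until = None          # expiry time of the cached live connection
    for t in arrivals:
        if strategy == "connection_cache" and cached_until is not None and t <= cached_until:
            latencies.append(0.0)   # cache hit: no connect at all
            continue
        fresh += 1
        cost = 0.0
        for name, is_up in hosts:
            if strategy == "negative_cache" and dead_until.get(name, -1.0) >= t:
                continue            # known-dead host: skip without waiting
            if is_up:
                cost += HANDSHAKE
                if strategy == "connection_cache":
                    cached_until = t + REUSE_WINDOW
                break
            cost += CONNECT_TIMEOUT   # full timeout before moving on
            dead_until[name] = t + REUSE_WINDOW
        else:
            raise RuntimeError("all MX hosts down or negatively cached")
        latencies.append(cost)
    return latencies, fresh


# Constructed scenario: one of three MX hosts dead and listed first;
# five deliveries to the same destination, the last one after the reuse window.
HOSTS = [("mx1.example.invalid", False),
         ("mx2.example.invalid", True),
         ("mx3.example.invalid", True)]
ARRIVALS = [0.0, 10.0, 60.0, 200.0, 400.0]


def compare(arrivals=ARRIVALS, hosts=HOSTS):
    """Mean connect latency and fresh-connection count per strategy."""
    result = {}
    for strategy in ("none", "negative_cache", "connection_cache"):
        lat, fresh = simulate(arrivals, hosts, strategy)
        result[strategy] = (sum(lat) / len(lat), fresh)
    return result


if __name__ == "__main__":
    n, k = len(HOSTS), sum(1 for _, up in HOSTS if not up)
    print(f"expected fresh-connect latency, {k} of {n} down, random order: "
          f"{expected_fresh_connect_latency(n, k):.1f} s")
    for strategy, (mean, fresh) in compare().items():
        print(f"{strategy:17s} mean {mean:5.1f} s  fresh connections {fresh}")
```

With the constructed scenario, every fresh connection pays the 30 s timeout (mean 30.2 s without any cache); a negative cache skips the dead host until its entry expires (mean 12.2 s, still five connects); a connection cache avoids connecting at all while the cached session is valid (mean about 12.1 s, two connects). The closed-form function shows the same effect for random host order: one dead host in three costs 10.2 s on average, two in three 30.2 s.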