Re: Caching TLS connections (XSTOPTLS) Victor Duchovni Thu Jun 25 11:00:53 2009

On Thu, Jun 25, 2009 at 12:00:31PM -0400, Wietse Venema wrote:

> > I'd like to propose a Postfix-specific ESMTP feature that would
> > enable the caching of TLS connections by disabling crypto on
> > the session before putting it into the cache, and re-enabling
> > crypto right after.
> So, the use case is that a connection was used by process X, and
> reused by a different process Y.
> Can you quantify the gains, in terms of long-distance network
> roundtrips? Assuming that the DNS lookup is cached on-site, the
> gain would be the TCP-level handshake.  What else?

Connection caching is not about saving round-trips, it is about
overcoming adverse (orders of magnitude higher) latency when
k of N MX hosts are down and non-responsive (30s timeout vs.
sub-second TCP 3-way handshake latency when the host is up).

Caching connections allows one to avoid new connection creation, which
involves unpredictable latency. The alternative could be a negative
cache for dead MX hosts with a life-time comparable to the connection
re-use time (300s).
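The trade-off described in this message, as an added toy model that is not Postfix code and not from the thread: it assumes a 30 s connect timeout to a dead MX host, a 0.2 s handshake to a live one, and a 300 s lifetime for negative-cache entries, and compares per-delivery latency with and without a negative cache of dead hosts.

```python
"""Toy latency model: MX hosts tried in order, with an optional negative
cache of dead hosts. Constructed example, not Postfix's implementation."""
from typing import Dict, List, Optional, Set, Tuple

CONNECT_TIMEOUT = 30.0   # assumed time lost on a dead, non-responsive MX host
HANDSHAKE = 0.2          # assumed sub-second TCP handshake to a live host
NEG_CACHE_TTL = 300.0    # assumed entry lifetime, comparable to reuse time


class DeadHostCache:
    """Remembers hosts that timed out, for NEG_CACHE_TTL seconds each."""

    def __init__(self, ttl: float = NEG_CACHE_TTL) -> None:
        self.ttl = ttl
        self._expiry: Dict[str, float] = {}

    def mark_dead(self, host: str, now: float) -> None:
        self._expiry[host] = now + self.ttl

    def is_dead(self, host: str, now: float) -> bool:
        exp = self._expiry.get(host)
        if exp is None:
            return False
        if now >= exp:
            del self._expiry[host]   # entry expired: host gets retried
            return False
        return True


def deliver(mx_hosts: List[str], dead: Set[str], now: float,
            cache: Optional[DeadHostCache]) -> Tuple[Optional[str], float]:
    """Try MX hosts in preference order; return (host used, latency in s)."""
    latency = 0.0
    for host in mx_hosts:
        if cache is not None and cache.is_dead(host, now + latency):
            continue                      # skip known-dead host at no cost
        if host in dead:
            latency += CONNECT_TIMEOUT    # wait out the timeout
            if cache is not None:
                cache.mark_dead(host, now + latency)
            continue
        return host, latency + HANDSHAKE
    return None, latency


def total_latency(n_deliveries: int, interval: float, mx_hosts: List[str],
                  dead: Set[str], use_cache: bool) -> float:
    """Sum latency over n deliveries spaced `interval` seconds apart."""
    cache = DeadHostCache() if use_cache else None
    return sum(deliver(mx_hosts, dead, i * interval, cache)[1]
               for i in range(n_deliveries))
```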