Article delegate-en/2429 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2428@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SSL / keep-alive configure question
30 Sep 2003 13:58:27 GMT feedback@delegate.org (Yutaka Sato)


In message <_A2428@delegate-en.ML_> on 09/30/03(20:08:16)
you ppqeqbdyi-rra4sduwc3zr.ml@ml.delegate.org wrote:
 |./delegated -r -P10000 SERVER=https RELAY="no" FSV=sslway MOUNT="/* 
 |https://http-server/*" PERMIT="http:*:*"
 |REMITTABLE="http" CACHE="no" RESOLV=dns
 |
 |The client connects to Delegate at port 10000 and Delegate initiates a 
 |SSL-connection to the remote server. For higher Performance I want to keep 
 |the connection to the remote SSL-server always alive, because the client 
 |sends many requests to delegate and IMHO the SSL-handshake for every 
 |request takes too much cpu-time. Is it possible to configure this (maybe 
 |with HTTPCONF=cka-cfi )?

The connection to a HTTPS server is kept alive during the connection from
a HTTP client is alive.  So the necessary configuration is enabling
Keep-Alive or HTTP/1.1 capability of a HTTP client.
HTTPCONF=cka-cfi is not necessary for FSV, it only affect FCL and FTOCL.

 |If this isn't possible, can Delegate/sslway re-use the SSL session-id? 
 |This would also help to prevent a new SSL-handshake at every request.

I have the plan to support it to avoid possibly multiple duplicate inquiries
for verification of a certificate (which needs manual verification of it)
on initial connection to a server.

Cheers,
Yutaka
--
  D G Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V