On Oct 22, 10:32 pm, Wan-Teh Chang <w...@google.com> wrote:
> I'm wondering if your server is spending some of the 100 ms in
> checking the revocation status of the client certificate. Did
> you enable OCSP checking?

No, haven't configured any OCSP server.

I went through the handshake with a debugger and found the following:

- when a new client is accepted, SSL_ConfigSecureServer takes about 200 ms.
- the first SSL_ForceHandshake is fast; I assume it receives some data from the client and requests a certificate
- the second SSL_ForceHandshake takes about 200 ms. This is probably because it's verifying the client's certificate.

I think I could get rid of the SSL_ConfigSecureServer delay by first performing it on a dummy SSL file descriptor and passing it as a model to SSL_ImportFD for every accepted client. But what's with the SSL_ForceHandshake delay?

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto