lp:~measurement-factory/squid/fast-sni
- Get this branch:
- bzr branch lp:~measurement-factory/squid/fast-sni
Recent revisions
- 14633. By Christos Tsantilas
-
Polishing fixes
Code formatting, variables fixing, comments and debug messages
Most of them proposed by Amos on squid-dev review procedure.
- 14629. By Christos Tsantilas
-
Polishing fixes
- Replace Handshake::details pointer with an always-available object
- Replace Security::ProtocolVersion and its "int" representation in TlsDetails
and NegotiationHistory classes with the existing Anyp::ProtocolVersion
- Fix TlsDetails::compressMethod. The clients may send a compression methods
list with a NULL compression method.
Rename to TlsDetails::compressionSupported.
- Other minor fixes.
- 14626. By Alex Rousskov
-
Optimization: Spend less CPU and RAM on adjustSSL(). Speed gain: ~5%.
Do not store extension types just to iterate over them in adjustSSL().
Check for extension support while parsing instead. Since the list of
OpenSSL-supported extensions is constant (does not depend on the
connection), we do not need to create and index extension storage once
for each TLS connection; we now do it once per worker lifetime instead.

Use std::unordered_set instead of std::list for ciphers. Most real-world
cipher lists probably contain dozens of 2-byte entries, making std::list
storage a poor choice. Unlike TLS extensions, supported ciphers depend
on the connection so we have to store all of them to check whether each
stored cipher is supported for the SSL connection object created later.
Having an O(1) lookup speeds up that last check a lot compared to the
old linear search across all stored ciphers.

Do fast adjustSSL() checks before the longer cipher loop check.
Acknowledge TLS_EMPTY_RENEGOTIATION_INFO_SCSV pseudo cipher support. Added
TLSEXT_TYPE_signature_algorithms(13) and
TLSEXT_TYPE_next_proto_neg(13172) to the list of TLS extensions
supported by OpenSSL and recognized by Squid. Recognizing these
extensions is necessary for adjustSSL() to work in more real-world
cases.

Also sorted TLSEXT_TYPE_* entries and replaced "#if 0" code with a way
to build Squid to recognize more extensions as OpenSSL's list grows.
- 14625. By Alex Rousskov
-
Finalized BinaryTokenizer context handling. Polished.
No more funny context fields inside TLS structures. Context is handled
by the parsing code without needlessly storing it long-term.

Hid TLS structures/parsers used exclusively by
Security::HandshakeParser inside security/Handshake.cc to simplify API.
Also skipped unused ServerHello.random (instead of storing it in
TlsDetails::clientRandom) and replaced SQUID_TLS_RANDOM_SIZE macro
with a regular C++ constant.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:~squid/squid/trunk