The source code needs some cleanup as it includes a ton of OpenSSL files.
These are notes from Adam Powers, the author of the code:
The idea is to have a daemon that listens for SSL connections, decrypts them and passes the requests on to a webserver (or serves up a static webpage?).
This requires hooking into OpenSSL to do all the encryption/decryption and SSL handshaking. A good file to look at is openssl/apps/s_server.c (mostly the MAIN() and sv_body() functions; do_server() is just socket(), bind(), listen() and while(1) accept()).
Unless anyone has a better idea, the implementation will be a process pool with a pipe for IPC. Through this pipe, processes will receive a file descriptor for which they will handle the connection. The process will have a connection open to the webserver and just pass the unencrypted data through.
Note to self: ALWAYS CHECK FRESHMEAT before starting a new project that someone else could have already done. This SSL proxy has already been made many, many times; an example is jonama.
-A
--
AdamPowers - 23 Nov 2000
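The descriptor hand-off in the design above, as an added example (not Adam's code or the project's): the accepting process passes an open connection descriptor to a pool worker. On Linux, descriptor passing uses sendmsg() with SCM_RIGHTS and needs a Unix-domain socket rather than an ordinary pipe, so the example assumes a socketpair() for the IPC channel; the function names, the in-process round trip and the sample request are constructed for illustration. The receiver validates the ancillary data so a message that carries anything other than exactly one descriptor is rejected instead of being misread as an fd.

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/uio.h>

/* Pass one open descriptor over a Unix-domain socket with SCM_RIGHTS; 0 on success, -1 on error. */
int send_fd(int sock, int fd_to_send) {
    char byte = 'F';                  /* at least one data byte must accompany the ancillary data */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd_to_send, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent with send_fd(); returns the new fd or -1.
   Anything other than exactly one SCM_RIGHTS descriptor is rejected. */
int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}
/* Round trip in one process: hand a pipe's read end across a socketpair (standing in for the
   pool's IPC channel), then read the constructed request through the received copy. Returns bytes read or -1. */
int fd_passing_roundtrip(char *out, size_t outlen) {
    int sv[2], p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(p) < 0) return -1;
    const char *req = "GET / HTTP/1.0\r\n";           /* constructed sample request */
    if (write(p[1], req, strlen(req)) < 0 || send_fd(sv[0], p[0]) < 0) return -1;
    int got = recv_fd(sv[1]);
    if (got < 0) return -1;
    ssize_t n = read(got, out, outlen);
    close(got); close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return (int)n;
}
```

In the real pool the acceptor would call send_fd() on the connection's socket after accept() and close() its own copy, and the worker would run the SSL handshake on the fd returned by recv_fd().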
Well, all is said and done and there are two modes: static and dynamic. Static mode gets approximately 900 connections per second and dynamic gets 750 connections per second. Since static isn't a real-world test, it'd be nice to do a few tune-ups to get the dynamic proxy to do 900+ transactions per second.
- Add a select() before the accept() with a very small (µs) timeout and handle multiple fds in proxy_server(). This will prevent thrashing between tasks when the proxy_server() select() sleeps.
- Turn on kernel profiling and see what's chewing up the system. Network connections? Thrashing tasks?
- Get some gigE cards... that might help lower network latency.
- Disable the Nagle algorithm? Play with TCP timers/window sizes? Increase buffer sizes?
--
AdamPowers - 07 Dec 2000
--
MattWalsh - 02 Jan 2002