[Cryptography] OpenSSL minimal "safe" configuration?
Brian Smith
brian at briansmith.org
Tue Jan 12 00:17:14 EST 2016
Henry Baker <hbaker1 at pipeline.com> wrote:
> Do any of the existing open source tls/ssl implementations use multiple
> cores?
>
Firefox will do certificate validation in parallel with the
ClientKeyExchange computations. That is, the certificate path building,
certificate signature verification, and other certificate stuff is all done
in one thread, while the (EC)DHE keygen, (EC)DHE agreement, signature
verification of the ServerKeyExchange message, handshake transcript
hashing, Finished message computation, Finished message
decryption/authentication, etc. are all done in another thread. Further,
Firefox sends/receives the handshake messages concurrently with certificate
validation.
The mechanisms for applications to do this are in NSS's libssl, which is
thread-safe as far as the developers are aware. (That is, it probably isn't
thread-safe.)
Cheers,
Brian
--
https://briansmith.org/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160111/356346e0/attachment.html>
More information about the cryptography
mailing list