EldoS | Feel safer!

Software components for data protection, secure storage and transfer

ValidateForSSL and CheckCRL on Windows CE

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
Posted: 10/02/2015 15:38:05
by Doug Summersgill (Standard support level)
Joined: 05/14/2015
Posts: 12

I have a very basic form trying to Post to a website. I have both Windows desktop (10 or 8) and Windows CE 6 versions of this form.

While using TElHTTPSClient to Post, I am getting extremely poor performance (> 55 seconds) with ValidateForSSL but only on the Windows CE version. The desktop version works fine.

When I configure the certificate validator to not check CRLs, The Windows CE validation performs quickly as expected (~ 4 seconds).

How can I determine what is causing this? and what are the ramifications of not checking the CRL?


Posted: 10/03/2015 12:20:45
by Eugene Mayevski (Team)

Omitting the CRL check lowers security as it potentially lets the client accept certificates, which have been revoked.

Some CRLs can be quite large (we saw CRLs from known CAs being 7Mb large), so slow speed is possible either due to slow response from the server or due to the huge size of the CRL.

Hope this answers your question.

Sincerely yours
Eugene Mayevski
Posted: 10/05/2015 08:18:38
by Doug Summersgill (Standard support level)
Joined: 05/14/2015
Posts: 12

Thank you. I'm not sure this explains the performance difference between the 2 platforms but it makes sense.




Topic viewed 2146 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!