EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElSSLServer and concurrent clients

Posted: 12/09/2015 12:40:31
by Doug Summersgill (Standard support level)
Joined: 05/14/2015
Posts: 12

Do you have an example of using TElSSLServer which handles concurrent client connections?

The Chat example is kind of what I'm looking for, but it can only handle 1 connection at a time.

Posted: 12/09/2015 15:06:42
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

We don't have such sample for TElSSLServer, but you can use \HTTPBlackbox\Desktop\Server\HTTPServer sample as a reference - TElHTTPSServer is built on top of TElSSLServer and the general idea will be the same except you will not need to adjust HTTP related properties.
Posted: 12/10/2015 14:28:21
by Doug Summersgill (Standard support level)
Joined: 05/14/2015
Posts: 12

Thanks for the help.

I have my server working, but wondering if there is any way to speed it up.

My app is on a Windows CE device and the first connection to the server takes almost 2 minutes. The device is very cpu bound during this time.

Subsequent connections take just a little over 3 seconds, which is fine.

Posted: 12/10/2015 14:45:47
by Ken Ivanov (Team)

Hi Doug,

I believe the major contribution to the CPU burden is caused by DH parameters generation. This involves a lot of heavy cryptographic operations and may cause delays on slow systems.

While you can't avoid this at the moment (as you have to generate a DH keypair anyway), you can move the generation to a different place in your application, before the first connection is accepted. You can do it quietly at the background on application start without affecting the UI and the server accessibility.

To generate the DH keypair forcefully, just call the SBSSLServer.Unit.PrepareSSLServerEnvironment() method. It is likely to take a couple of minutes on your system, but you'll be able to accept TLS connections quickly from the very start.

Posted: 12/10/2015 15:15:29
by Doug Summersgill (Standard support level)
Joined: 05/14/2015
Posts: 12

Yes, that is it.

The prepare call takes most of the 2 minutes, then connections take between 3.5 and 4.5 seconds.

Don't really like the slow startup, but if that's my only option, it's ok.

Posted: 12/10/2015 15:58:10
by Eugene Mayevski (Team)

We are discussing the component to let you generate a set of keys beforehand and use them afterwards. That will be more productive, than to generate everything again and again on startup.

Sincerely yours
Eugene Mayevski
Posted: 12/10/2015 16:07:30
by Doug Summersgill (Standard support level)
Joined: 05/14/2015
Posts: 12

That would be great.

I can tell you though that the performance difference between my CE device (an Atom 1.2 GHz processor) and my i7 desktop when calling PrepareSSLServerEnvironment is hard to believe.

CE = 70 to 120 seconds
Desktop = < .5 seconds

I realize there's some big OS differences, but I kind of think something is wrong.

Posted: 12/10/2015 16:16:29
by Eugene Mayevski (Team)

Unfortunately that's the difference between processor architectures. If you take a look at the server market, you can see that a couple of years ago some guys decided that ARM-based servers could replace Intel-based ones (at least for web). Simply, this didn't work due to performance reasons and you won't find any serious offer that uses ARM.

Sincerely yours
Eugene Mayevski



Topic viewed 2802 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!