Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

yet more SSL/TLS speed

Kazuki Oikawa's Rijndael patch is now in SVN, making AES about 10 times faster. Many thanks to him! This is more good news for SSL/TLS users as AES-256 is often the negotiated cipher. At least it's the default between any Mono client and Apache or XSP.

The Distributed Systems Research Group, from Charles University (Czech Republic), has been tracking Mono performance for quite a while using several benchmarks, including one based on Rijndael. Its latest graph is worth a look.


9/21/2006 14:01:26

Gendarme gains XML support, more...

Thanks to Christian Birkl's contributions, Gendarme gained support to log its results into XML in addition to the existing text support. Christian also supplied a very nice XSL transform from which it's possible to generate HTML output too. I integrated HTML support directly in the console runner, so no external tools are required to produce the Mono-looking reports.

JB Evain also took the time to create, and apply to Gendarme, a tool to ease the migration to the newer Cecil API.

I also updated some rules to provide locations, so the new reports are better looking. I can feel a new release soon :)


9/18/2006 09:16:21

SSL/TLS fixes and optimizations

A big commit (r65259) was done earlier this week on the SSL/TLS code base. Its main purpose was to enable re-negotiation of the security parameters during an existing session. This is now working nicely using Apache* but, sadly, this didn't fix the bug experienced by Npgsql.

That took a while to fix properly and a lot of debugging sessions; dealing with encrypted data is always full of surprises. I took the time, literally using mono --profile, when testing each change and, gradually, reduced the memory requirements by eliminating the conversion between byte[] and MemoryStream and also the creation of unrequired CryptoStream (and key setup) when using a block cipher (e.g. AES). The original requirements to download a 680Mb file were more than 4Gb of allocations while the current version requires only (still too much) 1.6Gb (37%).

The memory reduction should also benefit performance times, unless, like most of my tests, time becomes network-bound. This happens to me when using wireless (11g) with my laptop (even if its CPU is rather slow at 1.6 GHz) where both wget and mget take about 4m30s (total time) to download the same 680Mb file (of course user and system time are better for wget ;-).

Testing is now complete, on my side, but it would be nice, and much safer if your applications depend on SSL (e.g. HTTPS), to test this code before it gets released in 1.1.18. A ZIP file with both 1.0 and 2.0 versions of Mono.Security.dll is available here.

* You can try this with Apache by requiring different, and incompatible, SSL ciphers for the root directory and a sub-directory.
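
A minimal mod_ssl configuration for the test setup described in the footnote above. This is an added example, not the author's configuration: the host name, paths, certificate files and the two cipher names are assumptions chosen only so that the two directories accept disjoint cipher sets.

```apache
# Added example: per-directory cipher requirements that force a renegotiation.
# All paths and names below are placeholders, not taken from the original post.
<VirtualHost *:443>
    ServerName test.example
    DocumentRoot "/var/www/renego-test"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/test.example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/test.example.key"

    # Root directory: only AES-256 is accepted, so the initial handshake
    # for any request under / settles on this cipher.
    <Directory "/var/www/renego-test">
        SSLCipherSuite AES256-SHA
    </Directory>

    # Sub-directory: a cipher set with no overlap with the root's.
    # In per-directory context mod_ssl reads the HTTP request first and then
    # renegotiates the session with this suite before sending the response,
    # which exercises the client's renegotiation code path.
    <Directory "/var/www/renego-test/sub">
        SSLCipherSuite AES128-SHA
    </Directory>
</VirtualHost>
```

Requesting a file under `/` and then one under `/sub/` over the same connection makes the server ask for new security parameters mid-session. This applies to protocol versions that support renegotiation (TLS 1.2 and earlier); TLS 1.3 has no renegotiation.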


9/13/2006 11:42:31

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.