Concurrency models (was: Timer)
Alan Kennedy
alanmk at hotmail.com
Tue Oct 28 14:44:53 EST 2003
[Alan Kennedy]
>> My understanding is that using SSL in non-blocking mode is problematic
>> because SSL-level packets can trigger readiness notification on an SSL
>> socket when in fact there is no application-level data available.
[Itamar Shtull-Trauring]
> Twisted does the right thing and makes sure the user doesn't have to
> worry about this. Using SSL is just as easy as using TCP in Twisted.
>
> There are other issues with event loops, like the fact the RSA
> handshake is very expensive so you want to run it in another thread.
> If Twisted ever has performance issues due to this I'll probably
> change the code to do just that, move the handshake stage to a
> threadpool.
Thanks for that Itamar.
IMHO, another good solution to the SSL/Non-Blocking IO problem might
be to run stunnel (www.stunnel.org) to do the SSL decode, and then
forward the decrypted requests to an non-SSL asynch server. Although I
have never tried this.
Stunnel can use OpenSSL, which means that support for hardware crypto
accelerators comes for free, etc, etc.
regards,
--
alan kennedy
-----------------------------------------------------
check http headers here: http://xhaus.com/headers
email alan: http://xhaus.com/mailto/alan
More information about the Python-list
mailing list