OT: limit number of connections from browser to my server?

Mon May 16 13:26:36 EDT 2016

On 05/16/2016 06:06 PM, Grant Edwards wrote:
> This is not Python specific, though I'm turning to Python to do some
> experimentation and to try to prototype a solution.
>
> Is there any way to limit the number of connections a browser uses to
> download a web page?  Browser writers seems to assume that all https
> servers are massively parallel server farms with hardware crypto
> support.
>
> So, when a browser wants to load a page that has the main html file, a
> css file, a javascript library or two, and a few icons and background
> bitmaps, they browser opens up a half-dozen SSL connections in
> parallel.
>
> That's fine when the server is Facebook's server farm.
>
> But when it's a small embedded device running at 40MHz with a
> single-threaded web server and software crypto, it turns a 2-second
> page load time into a 15-second page load time.
>
> When we first added https support years ago, this wasn't a problem.  A
> browser would open _an_ SSL connection (handshake time around 2
> seconds), and then send mutliple HTTP requests over that connection to
> grab a half-dozen files.  Each HTTP request would take a few tens of
> milliseconds, and life was good.
>
> Now that 2-second page load takes up to 10-15 seconds because of all
> the SSL connection setup overhead involved in handling a half-dozen
> "parallel" connections.
>
> I was _hoping_ there was an HTTP header or HTML meta tag that could be
> used to smack the browser with a clue bat, but there doesn't seem to
> be.  [Please tell me I'm wrong...]
>
> Some browsers used to have a global "max parallel connections" setting
> that the user could control, but a) that seems to be gone from recent
> versions of browsers I've looked at, and b) we can't ask customers to
> change that setting just for the benefit of our devices.
>
> So now I'm going to set up a simple Python HTTP server to try some
> other approaches:
>
>    1) Only allow the listening socket to accept 1 connection at a time.
>
>    2) Accept the TCP connection, but don't allow the SSL handshaking to
>       start on the "extra" connections.
>
>    3) ???
>
>    4) Profits!
>
> Any ideas?
>

Have you considered upgrading the device with a recent CPU ? Or is it 
completely out of the picture ?

Depending on what you are selling, it may be actually cheaper than 
spending time trying to make it work.

You could also "externalize" the web service, a 35$ raspberry pi would 
do it. Of course I do realize that everything I said may not make any 
sense, we'd need to know a little bit more about the "device". If 35$ 
double the price, that may not be a good idea.

That being said, your first idea seems also a good lead, have your 
server refuse more than one connection.

jm