Comments (12)
- session cache
- load intermediary CA certs
from h2o.
- configurable list of ciphersuites
from h2o.
note: H2O supports session resumption (OpenSSL by default uses an in-memory session cache).
https://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html
from h2o.
- server name indication
from h2o.
- SSL false start
from h2o.
The question is whether we need to implement dynamic TLS record sizing, considering the fact that the overhead of limiting TLS record size to 1,400 bytes is around 2% (overhead per TLS record is (at minimum) 26 bytes in case of SHA1 or 29 bytes in case of current implementation when using 128-bit block cipher in CBC mode).
from h2o.
Support building against PolarSSL:
https://polarssl.org/
from h2o.
@hedgehog is there any reason where PolarSSL is favorable (e.g. faster on ARM?)?
At the moment, I am thinking that switching from OpenSSL to LibreSSL might be a good idea (as IIRC it supports things like ALPN which is still beta in OpenSSL).
from h2o.
Note that PolarSSL is GPL.
See:
- https://polarssl.org/kb/licensing/using-polarssl-in-a-non-gpl-project
- https://polarssl.org/kb/licensing/why-use-the-gpl-license-instead-of-license-xyz
from h2o.
@kazuho, the reason is related to ARM, but not necessarily just speed.
Supporting PolarSSL would mean a system could avoid having to install OpenSSL, which reduces bloat. - which is a consideration in ARM systems.
Regarding Licensing:
I've always thought the WTFPL license is as unambiguous as you can get. The legal version of the coder's ode to minimal code "No code is faster than no code"... "No licence condition is clearer than no conditions"
Besides, you even get enterprise grade logo support for free:
I should add the license permits removing the expletive, as long as you rename it.
from h2o.
@hedgehog Thank you for the clarification.
> Supporting PolarSSL would mean a system could avoid having to install OpenSSL, which reduces bloat. - which is a consideration in ARM systems.

Understood. I am not excluding the possibility that libh2o will be used in embedded systems, for which favoring a smaller (and less complex) TLS implementation than OpenSSL would be a good idea. However, as discussed in #90 (comment), that is not my (or my employer's) primary interest. So it is unlikely that I would add support for PolarSSL myself.
Polar SSL has an exemption for the WTFPL
Is my understanding right that the license exception only covers FOSS applications that are linked against PolarSSL? If that is the case, it would not be possible for people to link libh2o (using PolarSSL as the TLS implementation) to their commercial, non-open-source programs. IMO that may become an obstacle for people trying to use libh2o (+PolarSSL) on embedded systems.
note: I am not against the idea of adding support for PolarSSL, I just want to make the differences clear.
from h2o.
FYI... PolarSSL is in the process of moving into mbedTLS, which brings a change of license to the more permissive Apache license.
from h2o.