I'm writing a multithreaded PHP client that makes HTTPS requests to an Apache reverse proxy and measures some statistics. I'm writing a bachelor thesis about improving the performance with TLS Session Resumption. Now I need to do a proof of concept that proves/disproves this. At the moment I have this code:
$this->synchronized(function($this){
    $this->before = microtime(true);
}, $this);
$url = 'https://192.168.0.171/';
# Some dummy data
$data = array('name' => 'Nicolas', 'bank account' => '123462343');
// use key 'http' even if you send the request to https://...
$options = array(
    'http' => array(
        'header' => "Content-type: application/x-www-form-urlencoded\r\n",
        'method' => 'POST',
        'content' => http_build_query($data)
    ),
    "ssl" => array(
        "verify_peer" => false,
        "verify_peer_name" => false,
        "ciphers" => "HIGH:!SSLv2:!SSLv3"
    )
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$this->synchronized(function($this){
    $this->after = microtime(true);
}, $this);
$this->counter_group->write($this->before, $this->after, $result);
This code works to do a full handshake, but I can't seem to figure out how to do a resumed handshake in PHP.
Any help would be greatly appreciated!
Transport Layer Security (TLS) Session Resumption without Server-Side State describes a mechanism that enables the Transport Layer Security (TLS) server to resume sessions and avoid keeping per-client session state.
SSL/TLS session reuse is a mechanism within SSL/TLS to reduce the full handshake negotiation between the client and the server, when a connection is established. SSL/TLS session reuse is ENABLED by default for the httpclient.
To help mitigate some of the costs, TLS Session Resumption provides a mechanism to resume or share the same negotiated secret key data between multiple connections. Session resumption is an important optimization deployment.
You can try PHP curl and use CURL_LOCK_DATA_SSL_SESSION.
From the PHP documentation (http://php.net/manual/en/function.curl-share-setopt.php):
CURL_LOCK_DATA_SSL_SESSION: Shares SSL session IDs, reducing the time spent on the SSL handshake when reconnecting to the same server. Note that SSL session IDs are reused within the same handle by default.
As you can read from the description above, the session ID is reused by the same handle. But if you want to share between handles, you can use curl_share_init, for example:
$sh = curl_share_init();
curl_share_setopt($sh, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
curl_share_setopt($sh, CURLSHOPT_SHARE, CURL_LOCK_DATA_DNS);
Then you can reuse $sh between different requests:
$ch1 = curl_init('https://192.168.0.171');
curl_setopt($ch1, CURLOPT_SHARE, $sh);
curl_setopt($ch1, CURLOPT_SSLVERSION, 6); // TLSV1.2
curl_setopt($ch1, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
curl_setopt($ch1, CURLOPT_POST, 1);
curl_setopt($ch1, CURLOPT_POSTFIELDS,
    http_build_query(array('name' => 'Nicolas', 'bank account' => '123462343')));
curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true);
$output = curl_exec($ch1);
and then reuse it (resumed handshake):
$ch2 = curl_init('https://192.168.0.171');
curl_setopt($ch2, CURLOPT_SHARE, $sh);
curl_setopt($ch2, CURLOPT_SSLVERSION, 6); // TLSV1.2
curl_setopt($ch2, CURLOPT_SSL_CIPHER_LIST, 'TLSv1');
curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
// ( ... )
curl_exec($ch2);
and close the connections:
curl_close($ch1);
curl_close($ch2);
But you also need to play with CURLOPT_SSLVERSION and CURLOPT_SSL_CIPHER_LIST. Also, I think you should switch to a different language, as PHP has its own quirks, and if you prove or disprove a thesis, it's better to use something closer to bare metal so you are sure the extra layer (PHP) doesn't break your benchmarks. I did measure the performance of both requests and it's a bit counter-intuitive, but the second one is almost twice as slow.
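To check the effect of the share handle on the server from the question, the following added example (not part of the original answer) isolates the TLS handshake time of each request with curl_getinfo and compares fresh handles with and without the shared SSL session cache. The CA file path is a placeholder, and the example assumes the server certificate is valid for the address in the URL.

```php
<?php
// Added example, not from the original answer. $url is the lab server from the
// question; $caFile is a placeholder for the CA that signed its certificate.
function handshakeTimes(string $url, int $runs, bool $shareSessions, ?string $caFile = null): array
{
    $share = null;
    if ($shareSessions) {
        $share = curl_share_init();
        curl_share_setopt($share, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
    }
    $times = [];
    for ($i = 0; $i < $runs; $i++) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FRESH_CONNECT  => true, // do not reuse an open connection
            CURLOPT_FORBID_REUSE   => true, // close the connection after the transfer
            CURLOPT_SSL_VERIFYPEER => true, // keep certificate checks on while measuring
            CURLOPT_SSL_VERIFYHOST => 2,
        ]);
        if ($caFile !== null) {
            curl_setopt($ch, CURLOPT_CAINFO, $caFile);
        }
        if ($share !== null) {
            curl_setopt($ch, CURLOPT_SHARE, $share);
        }
        if (curl_exec($ch) === false) {
            throw new RuntimeException('Request failed: ' . curl_error($ch));
        }
        // APPCONNECT_TIME stops when the TLS handshake completes,
        // CONNECT_TIME when the TCP connection is established.
        $times[] = curl_getinfo($ch, CURLINFO_APPCONNECT_TIME)
                 - curl_getinfo($ch, CURLINFO_CONNECT_TIME);
        curl_close($ch);
    }
    if ($share !== null) {
        curl_share_close($share);
    }
    return $times;
}

$url = 'https://192.168.0.171/';
$caFile = '/path/to/lab-ca.pem'; // placeholder path
$meanMs = fn(array $t): float => 1000 * array_sum($t) / count($t);
$full = handshakeTimes($url, 20, false, $caFile);
// With a share handle the first request is still a full handshake, so drop it.
$resumed = array_slice(handshakeTimes($url, 21, true, $caFile), 1);
printf("full: %.1f ms, resumed: %.1f ms\n", $meanMs($full), $meanMs($resumed));
```

Resumption only happens if the server offers it, so on the Apache side a session cache (SSLSessionCache) or session tickets must be enabled for the second figure to differ from the first.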