Skip to content

decrease latency for new TLS connections #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mark-kubacki wants to merge 2 commits into
base: master
Choose a base branch
from
Open

decrease latency for new TLS connections #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f5e7195
certs: use ecdsa certs instead of a RSA one
mark-kubacki Dec 14, 2017
05cf4ea
client: use TLS tickets for faster reconnects
mark-kubacki Dec 14, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 10 additions & 22 deletions certs/demo.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,24 +1,12 @@
-----BEGIN CERTIFICATE-----
MIID8TCCAtmgAwIBAgIJAPtYE3vk2Ky2MA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD
VQQGEwJaQTEQMA4GA1UECAwHR2F1dGVuZzEVMBMGA1UEBwwMSm9oYW5uZXNidXJn
MQ0wCwYDVQQKDARMU0IgMREwDwYDVQQLDAhTb2Z0d2FyZTEPMA0GA1UEAwwGUGll
dGVyMSMwIQYJKoZIhvcNAQkBFhRwaWV0ZXJsb3V3QGdtYWlsLmNvbTAeFw0xNzEy
MDUwOTEzNDRaFw0yMDA5MjQwOTEzNDRaMIGOMQswCQYDVQQGEwJaQTEQMA4GA1UE
CAwHR2F1dGVuZzEVMBMGA1UEBwwMSm9oYW5uZXNidXJnMQ0wCwYDVQQKDARMU0Ig
MREwDwYDVQQLDAhTb2Z0d2FyZTEPMA0GA1UEAwwGUGlldGVyMSMwIQYJKoZIhvcN
AQkBFhRwaWV0ZXJsb3V3QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAJ4qMtm2wW6DTD+FzIZGc6CNUg6pRtNPTuSjFxOSYi+uvmymbnfS
9czwPRkqKYfH03oCi4hNmQmiwG6HSBppZE2pQmFYKvBWXPXGwAnHaOFCJ5xOljrs
znNBqpCbTS1hK9KPVJTRumm0bJIIAH4YjUzvolRHhOpJ2L+a2X9YD1CboIsC8NIP
Lg75v4MD0+2i/NaHueaFHHETArVhDCwtgnnttItFM5vSKmSObxz3MIuIjsf4Mf2/
w929i110+457hk+iEeH+otJVjD1O7AlBJwibZ3HFkUo+3O8hckVJazn5Q+yepWb0
1ufVfZ/N3WAjqRCFKvH/FoQezb0n/GmMsY8CAwEAAaNQME4wHQYDVR0OBBYEFM6d
ALIYgzz9SzgmGDISMkZAUIY3MB8GA1UdIwQYMBaAFM6dALIYgzz9SzgmGDISMkZA
UIY3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBACztEQILEK8xFguP
jajsPTOtdHpwgzjYfs2AGR4LGpKw1jZ6sQ5akG8pjjXC3woV5/PeMXutR693yrMh
nXACZDdm00AY2QtC1RMGuVz6egxtVNnOP9WgptZB9O1SZ1oJnY+bccZiyjY5YU5Q
dl8kH8B6dTDqmoFrzlvjz199mV8Tn+0B47XxAzkFG+CHhGcDOMCVgqxScqIfgG3V
H3zxJ/+EKU4LItczN7ZI0nwQpH1ew3rLwmTQJIhnjdrKSE/vjqr/gOGotkblZMjM
3PRTmL7TquRqwwaUmJU0fyP29tzW9xbbEDSSdqNUr4RPnmDv8xHoziu909pAWeM8
9sdXiZU=
MIIB0jCCAXegAwIBAgIJALp6yGU6imKzMAoGCCqGSM49BAMCMEUxCzAJBgNVBAYT
AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn
aXRzIFB0eSBMdGQwHhcNMTcxMjE0MTg1MjQ0WhcNMjAxMDAzMTg1MjQ0WjBFMQsw
CQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJu
ZXQgV2lkZ2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELdov
5Cul8n51tCVlFpBSXaFA8MkE/bgJFd+BqM3JOefO1T6n9xUtOrB/oKH++G82IkVz
BSoviows1EbRnxrT5aNQME4wHQYDVR0OBBYEFPOFh2julx1VHiw1kMgMaOWoR9Ql
MB8GA1UdIwQYMBaAFPOFh2julx1VHiw1kMgMaOWoR9QlMAwGA1UdEwQFMAMBAf8w
CgYIKoZIzj0EAwIDSQAwRgIhALwLiF0C93321WhDTZ6KhZK+X46aqxzUyC6HYdiZ
wYtvAiEA211/4eEUUUngbEs7Cwtn7MBjbx+0vKUOLmp+NUHfTdA=
-----END CERTIFICATE-----
29 changes: 3 additions & 26 deletions certs/demo.key
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCeKjLZtsFug0w/
hcyGRnOgjVIOqUbTT07koxcTkmIvrr5spm530vXM8D0ZKimHx9N6AouITZkJosBu
h0gaaWRNqUJhWCrwVlz1xsAJx2jhQiecTpY67M5zQaqQm00tYSvSj1SU0bpptGyS
CAB+GI1M76JUR4TqSdi/mtl/WA9Qm6CLAvDSDy4O+b+DA9PtovzWh7nmhRxxEwK1
YQwsLYJ57bSLRTOb0ipkjm8c9zCLiI7H+DH9v8PdvYtddPuOe4ZPohHh/qLSVYw9
TuwJQScIm2dxxZFKPtzvIXJFSWs5+UPsnqVm9Nbn1X2fzd1gI6kQhSrx/xaEHs29
J/xpjLGPAgMBAAECggEAMhx0l/4LMxRuaAHgVvqjT872nKaNRg3ulQoHGbBbY3gd
5RamEVjJf/DtqrdtCRQKsLF1u+25+w+RoHNEKPoTSXfDDEx+7j6unUAnP/HqDNSE
8EUF3A2DK4k2nTJXNXWACOpYhf4c7bi4XVwjq8/jlOinqcQvHHvhLHPHTU19LLBi
hUDJ/j/4sWaZtUyCI/feyLW5FyGJl+nlaQY6Cokvc3NtdHXxrBY09PO/BdxDcbl6
KHQg1yeAgQZ9xrDJoCPGDpjclkz0mG2DdLNaxKm2shyeIEt7maBnyJeoNDqbKVEP
8xWG5+k2swfu4Ll4IwuQB2tYme/8qopZV0+VgDsboQKBgQDRaLDjRuju8P3GqOgg
c6INlgvcycHETE9CGvd+QOZ9tRZm78nUXSUAG54E0EWJCOP3S5UaDQ+V2Yjk+o+F
hKDgWujv8bdyYcfIIJtPuX5GiEI41NTqCSbWmkVgIPMOvb7LerbhCiUKOl4Ofjph
5PyN4o/8DBlMcondTf7AcrzAGwKBgQDBWsvGPomIbuu1cCZcOwCOMMuJUFC5hmq4
bhTj3h6arp0AFXK3JoNVDWfolBAtYQwblHl3kq/8mF0anB7pFOI3QucOUjNtU/lG
0mWZWjXXO2mzNn2ZoRy937ECEPiFLAmhxSH8HxEDN91MNQ07tX9YGPTvtVBg8eI4
EfEze+iznQKBgCzQU7J/tU+VISoHcY2oUVDJAIbiYmYo0nlaHgbVyr2yKDYlMLMS
r91jC6EKFSdrUKXWdfUaQHCYGhSujlJLfMYmjlzzBIgk5sUsPTCFiMF9XXaeDWZ8
SOR6JUiaJInOD2uqOkLUkfKrZP+DAel7QJT4nEmbKTrT9C75BwCWTVBrAoGBAJms
Rx6ln3t+5PmMTACrqDJal7nnynDZY0J3w0SjyeEYfJGPemAUTPcxM2+HFiBq7EuT
QsMFI7f3hK/cezi2r2BKXQdlz5fJ0Oo32CX8q6QHhWe5HDQY95X1DmLdCBgXuwQG
gI84RbYwFUM3OvBEvRRQqYNGsL6MIEZ+BBzuEzGFAoGBAIereifZ++ghCv+xk4UQ
cjlaNdOFXb1ad8M0dfFMB4IhPDjsssuLh756J52IJ9p2ml/Hb4YGuELh73xO+7Fc
Y+rsxSFrPa5QxR7khZHersI63hlwZZ3oKvsywSFR3DpCxHjEiX42TscmC28+lFLa
zgReCnhxkawSFShsUWg6ix7L
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSE05FSm7tx8V9HaQ
kZbmWPcKDQOgs+UL0j0ypyjLUhuhRANCAAQt2i/kK6XyfnW0JWUWkFJdoUDwyQT9
uAkV34Gozck5587VPqf3FS06sH+gof74bzYiRXMFKi+KjCzURtGfGtPl
-----END PRIVATE KEY-----
2 changes: 1 addition & 1 deletion certs/generate.sh
100644 → 100755
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#!/bin/bash
# Regenerate the self-signed certificate for local host.

openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1024 -keyout demo.key -out demo.crt
openssl req -x509 -sha256 -nodes -newkey ec:<(openssl ecparam -name secp256r1) -days 1024 -keyout demo.key -out demo.crt

6 changes: 6 additions & 0 deletions client/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,15 @@ func main() {

flag.Parse()

// By using TLS tickets we can skip the lenghtly key agreement on any reconnections.
// We don't actually re-use connections here, nor is this a long-running services,
// but makes a good practice to imitate at low cost.
var globalTLSSessionCache = tls.NewLRUClientSessionCache(0) // capacity < 1 → use a default capacity

// create gRPC TLS credentials
creds := credentials.NewTLS(&tls.Config{
InsecureSkipVerify: true, // using self signed certificate for demo, for more secure connections see https://bbengfort.github.io/programmer/2017/03/03/secure-grpc.html
ClientSessionCache: globalTLSSessionCache,
})

grpcAuth := &basicAuthCreds{
Expand Down