Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-14983

Implement QSslContext class to enable SSL session sharing / resuming

    XMLWordPrintable

Details

    • b5652df775efbd1c52eecee5f08e40e600e5d70b

    Description

      • Implement a (for now internal) class QSslContext that wraps a OpenSSL SSL_CTX
      • The information inside is to be based on the QSslConfiguration set by the user on the QNetworkRequest
      • Each QHttpNetworkConnection has QSslContext object as QSharedPointer
      • The individual QSslSockets of the QHttpNetworkConnection all use that QSslContext object, stored via QSharedPointer. If no one set the QSharedPointer, they create their own and behave as before.
      • The goal is to share SSL sessions (resuming sessions to avoid handshake roundtrips) and to save memory by only using one SSL_CTX instead of up to 6 per host:port (see also QTBUG-14985 ).

      Problems identified so far:

      • QNetworkAccessManager uses one QHttpNetworkConnection per host:port, without paying attention to the QSslConfiguration ( QTBUG-7201 )
      • What about the qnetworkreply->setSslConfiguration() calls? (Maybe also related to QTBUG-8405 )

      Attachments

        Issue Links

          depends on

          Task - A task that needs to be done. QTBUG-14948 Merge QSslSocketPrivate and QSslSocketBackendPrivate

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed

          Suggestion - Public suggestions QTBUG-7201 QSslConfiguration: Distinguish HTTP connections also by things like local certificate

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Open
          is required for

          Task - A task that needs to be done. QTBUG-28762 QtNetwork performance improvements

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          relates to

          Task - A task that needs to be done. QTBUG-14985 Use SSL_MODE_RELEASE_BUFFERS in QSslSocket / SSL_CTX

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed

          Suggestion - Public suggestions QTBUG-14160 Improve/refactor the SSL & proxy socket engines

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed

          Suggestion - Public suggestions QTBUG-8405 Make QSslSocket emit a signal if the server requests that the client identify itself with a certificate

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed

          Suggestion - Public suggestions QTBUG-19141 SSL session sharing

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed
          replaces

          Suggestion - Public suggestions QTBUG-19141 SSL session sharing

          • P3: Somewhat important - Should be fixed, but doesn't affect the release in any way.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              peter-har Peter Hartmann
              mgoetz Markus Goetz (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes