TLS Connections
Florian Loitsch edited this page Nov 13, 2024 · 1 revision
The cost of a TLS connection depends heavily on the server and the certificates it uses. In general it is affected by:
- the size of the certificate itself
- the algorithm used
- whether the server supports TLS resume (for subsequent connections)
If the session is symmetric, Toit can use a more efficient implementation that doesn't need mbedTLS once the connection is established.
The following program tests whether the connection to a server can use the Toit mode, and whether the server supports TLS resume.
```toit
import certificate-roots
import net
import net.modules.tcp
import tls

// Servers to test. Add more host names as needed.
HOSTS ::= [
  "toit.io",
]

main:
  network ::= net.open
  certificate-roots.install-common-trusted-roots
  HOSTS.do: | host/string |
    print "-------- HOST $host --------"
    saved-session := null
    // Connect twice: the first connection does a full handshake, the
    // second one tries to resume the session saved from the first.
    2.repeat: | iteration |
      if iteration != 0:
        sleep --ms=200
      raw := tcp.TcpSocket network
      raw.connect host 443
      socket := tls.Socket.client raw
          --server-name=host
      if saved-session:
        socket.session-state = saved-session
      e := catch:
        duration := Duration.of: socket.handshake
        if iteration != 0: print "Session resumed"
      saved-session = socket.session-state
      writer := socket.out
      writer.write """GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n"""
      if iteration == 0:
        // Reads the private `session_` field to find out which mode is in use.
        print "$((socket as any).session_.mode == tls.SESSION-MODE-TOIT ? "Toit mode" : "MbedTLS mode")"
      if e: print "No session resume"
      socket.close
      raw.close
```
You want to see:

```
Toit mode
Session resumed
```