cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS CURL get slow when calling at first time

From: Oscar Koeroo <okoeroo_at_nikhef.nl>
Date: Tue, 27 Nov 2012 20:42:41 +0100

>> if(curl) {
>> curl_easy_setopt(curl, CURLOPT_URL,
>> url.GetPlatformString().c_str());
>> curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
>> curl_easy_setopt(curl, CURLOPT_SSLCERT,
>> "C:\\test\\omg.aps.net.pem");
>>
>> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
>> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2);
>> curl_easy_setopt(curl,CURLOPT_KEYPASSWD,"");

Hello Sagar,

Have you Wiresharked an empty SSL handshake? It is interesting to see how
fast your TCP/IP is handhaking and the latency from SSL/TLS Client Hello and
Server Hello to a complete session. IMHO guessing is inefficient, measuring
is the start of science.

Do you need to push a client certificate? Mutual authentication is known to
be a pretty slow process. Both client and server need to verify the
certificate stack and signatures.

Also, the CURLOPT_SSL_VERIFYPEER is set to false, so this should increase
the potential handshake as your libcurl-based client is skipping the peer
verification steps (read: it disables security on your client end).

        Oscar

House-hold request:
Could you reply on the previous email to not break the mail thread with each
reply? It's hard to follow the conversation as a conversation without it.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-11-27