如何重用连接/请求以避免握手 [英] How to reuse connection/request to avoid Handshake

问题描述

我想知道Reusing HttpWebRequests如何避免每次SSL握手过程.

I would like to know how Reusing HttpWebRequests works to avoid SSL handshake process everytime.

我在请求中使用了保持活动头，并且第一次握手成功，但是我想重用请求，以避免以后针对同一证书进行握手.

I use the keep alive headr in the request and the first handshake is successfull but i would like to reuse the request in order to avoid future handshakes against the same certificate.

认为我不知道是否必须重用HttpWebRequest对象实例，或者即使我创建了一个新的请求对象，由于保持活动已经存在并且可以正常工作，它将使用相同的连接.

Think is i dont know if i had to reuse the HttpWebRequest object instance or even if i create a new request object it will use the same connection since the keep alive is already on place and working.

我是否应该在类级别存储现有的请求对象并重用它?还是我可以安全地处置该对象，下一次创建请求时，它将处于保持活动连接的作用下?

Should i store the existing request object lets say at class level and reuse it? or i can safely dispose the object and next time i create a request it will be under the effect of the keep alive connection?

我问这个原因是因为我需要降低应用程序中的时序，最糟糕的部分始终是ssl握手，这在带有来自运营商的中等信号的电话中可能需要3秒钟以上的时间.

I am asking this cause i need to lower the timings in an application, and worst part is always ssl handshake, that can take over 3seconds in a phone with medium signal from carrier.

我正在使用C#进行开发. 我试图寻找此类信息，但我在Internet上阅读的所有内容都是如何设置SSL服务器并启用某些设置，而不是如何使客户端使用这些功能.

I am using C# to develop. I have tried to look for this kind of information but all i read over internet is how to set up the SSL Server and enabling certain settings but not how to make the client work with these features.

调查结果 我使用以下代码在.NET C#中创建了一个示例程序:

FINDINGS RESULTS I created a sample program in .NET C# whith the following code:

Stopwatch sw = new Stopwatch();
sw.Start();
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(new Uri(@"https:\\www.gmail.com"));
request.KeepAlive = true;
request.Method = "GET";
request.ContentType = "application/json";
request.ContentLength = 0;
request.ConnectionGroupName = "test";
//request.UnsafeAuthenticatedConnectionSharing = true;
//request.PreAuthenticate = true;
var response = request.GetResponse();
//response.Close();
request.Abort();
sw.Stop();
listBox1.Items.Add("Connection in : " + sw.Elapsed.ToString());
sw.Reset();
sw.Start();
HttpWebRequest request2 = (HttpWebRequest)WebRequest.Create(new Uri(@"https:\\www.gmail.com"));
request2.KeepAlive = true;
request2.Method = "GET";
//request2.UnsafeAuthenticatedConnectionSharing = true;
//request2.PreAuthenticate = true;
request2.ContentType = "application/json";
request2.ContentLength = 0;
request2.ConnectionGroupName = "test";
var response2 = request2.GetResponse();
//response2.Close();
request2.Abort();
sw.Stop();
listBox1.Items.Add("Connection 2 in : " + sw.Elapsed.ToString());

结果是第一个连接触发了3次CertificatevalidationCallback(每个证书一个)，然后第二个连接仅触发了一次，但是当我关闭响应之前执行下一个请求时，没有回调触发.

Results was that the first connection triggered the CertificatevalidationCallback 3 times (one for each certificate) and then the second connection only once, but when i CLOSED THE RESPONSE before performing the next request, no callback was triggered.

我想让响应保持打开状态就可以使套接字保持打开状态，这就是为什么发生部分握手(而不是整个证书链)的原因.

I suppose that keeping a response open keeps the socket open and thats why the partial handshake takes place (not the full certificate chain).

很抱歉，如果我在这件事上听起来有些菜鸟，则SSL和计时是由一个工作伙伴编写的，尚不清楚该代码是否可以遵循.但是我想我有答案. 感谢Poupou的巨大帮助

Sorry if I sound kind of noob in this matter, SSL and timings was coded by a work mate and the code was not clear to follow. But i think i have the answer. Thanks Poupou for your tremendous help

推荐答案

这已经内置在Xamarin.iOS随附的SSL/TLS堆栈中(即，其级别低于HttpWebRequest). 没有任何设置可以启用此功能.实际上，如果要禁用它，则需要额外的代码.

This is already built-in the the SSL/TLS stack shipped with Xamarin.iOS (i.e. at a lower level than HttpWebRequest). There's nothing to set up to enabled this. In fact you would need extra code if you wanted to disable it.

如果服务器支持它，则后续握手将已经更快，因为将使用会话ID 缓存(请参见

If the server supports it then subsequent handshake will already faster because a Session ID cache will be used (see TLS 1.0 RFC page 30).

但是，服务器不必遵循会话ID(已授予会话ID).在这种情况下，将需要再次进行完整的握手. IOW，您不能从客户端强制执行此操作(仅提供).

However the server does not have to honor the session id (given to it). In such case a full handshake will need be done again. IOW you cannot force this from the client (only offer).

您可以使用网络分析仪对此进行验证，例如通过查看交换(并将其与RFC进行比较)来进行Wireshark.

You can verify this using a network analyzer, e.g. wireshark, by looking at the exchanges (and comparing them to the RFC).

这篇关于如何重用连接/请求以避免握手的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！