From: bug#22966 <22966@debbugs.gnu.org>
To: bug#22966 <22966@debbugs.gnu.org>
Subject: Status: HTTPS with GnuTLS's 'session-record-port' is inefficient
Date: Fri, 20 Jun 2025 14:15:53 +0000

retitle 22966 HTTPS with GnuTLS's 'session-record-port' is inefficient
reassign 22966 guix
submitter 22966 ludo@gnu.org (Ludovic Courtès)
severity 22966 normal
thanks

From: ludo@gnu.org (Ludovic Courtès)
To: bug-guix@gnu.org
Subject: HTTPS with GnuTLS's 'session-record-port' is inefficient
Date: Wed, 09 Mar 2016 23:02:24 +0100
Message-ID: <87fuvz9uof.fsf@gnu.org>

(guix build download) uses ‘session-record-port’ from (gnutls), which
returns a port to conveniently write to/read from the TLS session’s
“record” layer.

The problem is that every write to the port, that is, every call to
‘write_to_session_record_port’ in the GnuTLS bindings, leads to the
creation of one “Application Data” packet.

For instance, when (web requests) writes an HTTP GET request, it roughly
does:

  (display "GET" port)
  (display " " port)
  (display uri port)
  (display "\n\r" port)
  …

it ends up creating a lot of small Application Data packets.

When debugging is enabled in (guix build download), that translates to
things like:

  gnutls: [14594|5] REC[0x152c9c0]: Preparing Packet Application Data(23) with length: 1 and min pad: 0
  gnutls: [14594|9] ENC[0x152c9c0]: cipher: AES-128-GCM, MAC: AEAD, Epoch: 1
  gnutls: [14594|5] REC[0x152c9c0]: Sent Packet[4] Application Data(23) in epoch 1 and length: 30

Terribly suboptimal.

The difficulty is that the session record port doesn’t do any caching by
itself, and it shouldn’t, because it’s the application’s responsibility.

So we might have to do our own caching and/or use ‘record-send’ and
‘record-receive!’ instead of ‘session-record-port’.

Ludo’.
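
The per-write record cost described in the message above, modelled as an added example (not code from Guix, GnuTLS or this thread). `RecordLayer` is a constructed Python stand-in for the unbuffered session record port, the 29-byte overhead is derived from the quoted log (a 1-byte payload sent as a 30-byte packet), the URI used in practice is a made-up sample, and application-side buffering is shown with `io.BufferedWriter`.

```python
import io

# Derived from the gnutls log in the report: a 1-byte payload was sent as a
# 30-byte packet, so each record costs 29 bytes of framing (AES-128-GCM).
RECORD_OVERHEAD = 29
MAX_PLAINTEXT = 16384  # TLS limit on plaintext bytes per record (2**14)


class RecordLayer(io.RawIOBase):
    """Constructed stand-in for an unbuffered record port: one write() call
    produces exactly one Application Data record."""

    def __init__(self):
        super().__init__()
        self.records = []  # plaintext length of every record sent

    def writable(self):
        return True

    def write(self, data):
        chunk = bytes(data)[:MAX_PLAINTEXT]
        if chunk:
            self.records.append(len(chunk))
        return len(chunk)  # a short count makes the caller retry the rest

    def wire_bytes(self):
        return sum(n + RECORD_OVERHEAD for n in self.records)


def request_pieces(uri):
    # Same write pattern as the (display ... port) calls in the report.
    return [b"GET", b" ", uri.encode("ascii"), b"\n\r"]


def send_unbuffered(uri):
    layer = RecordLayer()
    for piece in request_pieces(uri):
        layer.write(piece)
    return layer


def send_buffered(uri, body=b""):
    layer = RecordLayer()
    port = io.BufferedWriter(layer, buffer_size=MAX_PLAINTEXT)
    for piece in request_pieces(uri):
        port.write(piece)
    port.write(body)
    port.flush()  # data left in the buffer never reaches the peer
    return layer
```

For the sample URI `/index.html`, the unbuffered path sends four records and 133 bytes on the wire for 17 bytes of request, while the buffered path sends one record of 46 bytes.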

From: ludo@gnu.org (Ludovic Courtès)
To: 22966-done@debbugs.gnu.org
Subject: Re: bug#22966: HTTPS with GnuTLS's 'session-record-port' is inefficient
Date: Tue, 15 Mar 2016 18:55:44 +0100
Message-ID: <87shzrsk0v.fsf@gnu.org>
In-Reply-To: <87fuvz9uof.fsf@gnu.org>

ludo@gnu.org (Ludovic Courtès) writes:

> The problem is that every write to the port, that is, every call to
> ‘write_to_session_record_port’ in the GnuTLS bindings, leads to the
> creation of one “Application Data” packet.

Guix commit ec278439f3ff5dcd3d02c05099ba1724cc2459f1 works around it in
‘guix substitute’.

GnuTLS commit 0b1c136947878ccb600b4fa785ef257909104144 explains this in
the guile-gnutls manual.

I consider this bug closed.

Ludo’.

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 13 Apr 2016 11:24:03 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks