>> Hi All, >> >> I'm trying to understand server and client code over tcp using openssl. >> >> How does the flow work when we do SSL_write or SSL_read. >> >> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket. >> >> Is the above understanding correct ? > No, this isn't correct. All crypto is done in user space* using libcrypto. > > Matt > > * Actually there is a new option in master where the kernel does the TLS > encryption/decryption - but it is not on by default, and if used the kernel does > the IO too. > > Thanks Matt. > So only one context switch happens, which is sending buffer to networking > socket ? > > Regards, > valimki >> If its correct we have following context switch from user to kernel space and vice versa >> >> -> open ssl libary to kernel crypto subsystem >> >> -> kernel crypto subsystem to ssl library >> >> -> ssl library to network subsystem >> >> Does this mean for sending a buffer we need to three context switches from user to kernel and vice versa ? >> >> Doesn't this effect performance ? >> >> Please correct me if my understanding is wrong. >> >> Regards, >> valmiki >> >> >> >> >> >>
