Ticket #4936 (closed enhancement: fixed)
enable SSL for DEFLATE compression
|Reported by:||robot101||Owned by:||robot101|
|Keywords:||fixed Update.1?||Cc:||daf, morgs, gdesmott|
|Deployments affected:||Blocked By:|
Given we have issues with the roster download taking too long (#4896, although it's a legitimate bug which daf is currently fixing) I spent a bit looking into whether we could enable SSL and negotiate DEFLATE encryption to reduce the bandwidth burden of the XMPP server traffic. I patched Loudmouth to instruct GNUTLS to negotiate DEFLATE if available, and patched Presence Service to enable old SSL (XMPP over SSL on port 5223, because Loudmouth 1.2.x doesn't support STARRTLS) and ignore certificate verification errors.
Results are very promising, on my laptop I tested logging in to jabber.laptop.org and downloading the roster, then signing out, and measured the times and data transferred:
Without compression: 460k downloaded real 0m28.717s user 0m2.556s sys 0m0.204s
With compression: 104k downloaded real 0m19.382s user 0m2.600s sys 0m0.252s
So, for a negligible cost in CPU time we can take the bandwidth usage at sign-on down to 22% of the current, and hence significantly reduce the sign-on time on slow links (such as "media lab 802.11" :D). The 'real' times are a bit inaccurate because I was ending the tests manually, but it's definitely faster.
These patches have also been tested on top of Joyride on an XO too, and work well. The appropriate changes are to Loudmouth, which I've already made an SRPM which Dennis is integrating to Joyride, and to Presence Service which we'll include in the new release.