Enable OpenSSL readahead
Calling SSL_CTX_set_read_ahead allows OpenSSL to coalesce reads, improving performance by reducing both syscalls and internal mallocs. As far as I can tell, the issues with enabling readahead are:
- It may consume bytes beyond the end of a TLS stream; an application which wants to "STOPTLS" needs to retrieve the buffered bytes from OpenSSL, otherwise they will be lost. As far as I know, Tor never reads bytes beyond the end of a TLS stream.
- It modifies the behavior of SSL_pending; according to the documentation, "If the SSL object's read_ahead flag is set [...] additional bytes will be buffered by OpenSSL but will remain unprocessed until they are needed. As these bytes are still in an unprocessed state SSL_pending() will ignore them." Tor does call SSL_pending in a manner which appears to be affected. I'm not sure about the proper way to resolve this.
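The SSL_pending point above, shown as an added example: a simplified model of record-layer buffering, not OpenSSL or Tor code. `struct conn`, `fill`, `conn_read`, `delivered` and the one-byte-length record framing are all hypothetical; `plain_len` stands in for what SSL_pending reports, and `raw_len + plain_len` for what SSL_has_pending (OpenSSL 1.1.0 and later) reports.

```c
#include <stddef.h>
#include <string.h>

/* Model only: a record is [1-byte length][payload]; this is not the TLS wire format. */
struct conn {
    const unsigned char *sock; size_t sock_len;  /* bytes still in the kernel socket */
    unsigned char raw[256];    size_t raw_len;   /* read-ahead buffer: undecoded records */
    unsigned char plain[256];  size_t plain_len; /* decoded bytes of the current record */
    int read_ahead;
};

/* Pull from the "socket": everything available with read_ahead, else at most `want`. */
static void fill(struct conn *c, size_t want) {
    size_t n = c->read_ahead ? c->sock_len : (want < c->sock_len ? want : c->sock_len);
    if (n > sizeof c->raw - c->raw_len) n = sizeof c->raw - c->raw_len;
    memcpy(c->raw + c->raw_len, c->sock, n);
    c->raw_len += n; c->sock += n; c->sock_len -= n;
}

/* Like SSL_read: returns bytes from at most one record, or -1 for "would block". */
int conn_read(struct conn *c, unsigned char *out, size_t n) {
    if (c->plain_len == 0) {
        if (c->raw_len < 1) fill(c, 1);
        if (c->raw_len < 1) return -1;
        size_t need = 1 + (size_t)c->raw[0];
        if (c->raw_len < need) fill(c, need - c->raw_len);
        if (c->raw_len < need) return -1;
        memcpy(c->plain, c->raw + 1, need - 1);
        c->plain_len = need - 1;
        memmove(c->raw, c->raw + need, c->raw_len - need);
        c->raw_len -= need;
    }
    if (n > c->plain_len) n = c->plain_len;
    memcpy(out, c->plain, n);
    memmove(c->plain, c->plain + n, c->plain_len - n);
    c->plain_len -= n;
    return (int)n;
}

/* Event loop over constructed input: records "abc" and "de" arriving in one segment.
 * Reads again only while the socket is readable or the chosen pending check is non-zero. */
size_t delivered(int read_ahead, int use_has_pending) {
    static const unsigned char wire[] = { 3, 'a', 'b', 'c', 2, 'd', 'e' };
    struct conn c = { .sock = wire, .sock_len = sizeof wire, .read_ahead = read_ahead };
    unsigned char buf[16]; size_t total = 0; int r;
    while (c.sock_len > 0 || (use_has_pending ? c.raw_len + c.plain_len : c.plain_len) > 0)
        if ((r = conn_read(&c, buf, sizeof buf)) > 0) total += (size_t)r; else break;
    return total;
}
```

With read-ahead on and only the SSL_pending-style check, the second record stays in the undecoded buffer and the loop goes idle after delivering 3 of 5 bytes.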