[Pharo-project] SSL/HTTPS - SecureSocketStream/SSLSessionforPharo/Squeak and other Smalltalk implementations

Miguel Cobá miguel.coba at gmail.com
Thu May 12 18:12:00 CEST 2011

El jue, 12-05-2011 a las 16:53 +0200, Sven Van Caekenberghe escribió:
> Rob,
> On 12 May 2011, at 16:38, Rob Withers wrote:
> > It is a complete implementation with the bare minimum of supported algorithms, based on the spec.   It is 100% in Smalltalk.  It worked last time I tested in, several years ago.  I will be able to tell you more this weekend.   Others have been adding fixes/small features since, but not a lot - the base is pretty solid.  I painstakingly followed the RFC for SSL - I think I read it over 20 times!  The only issue would be algorithm support. I never benchmarked it, but seeing the difference in performance between Smlltalk crypto code like 3DES and plugin code, there is a SIGNIFICANT improvement (10x?).   I do not know the state of Profiling under Pharo.  If someone could help set me up, then I will profile it this weekend.  I imagine both performance and certification were the reasons for SqueakSSL.
> > 
> > There is also an SSH implementation I wrote that does dynamic window resizing on net latency.
> It would be *very cool* if that code base could be ported to Pharo.
> It is really quite impressive that you did all this from the spec.
> I think that it would be possible to adjust my plan a bit, so that eventually, my code would use either the native plugin or your Smalltalk implementation. Then, we can compare features, functionality, bugs, etc..
> Does that sound like a good idea ?

But the performance is an issue. And I think that there was a discussion
several years ago that lead to choice a plugin instead of the
all-smalltalk code (independently of the queality of the smalltalk
code). Also a point was made about the maintainability of the smalltalk
code with respect to a library of the underlying OS, with respect to
CERT issues and 0-day exploits. given the few resources in the community
for simpler (relative to crypto) projects like *completion, RB and so, I
think is a wise decision to use the proved, tested and maintained OS
libraries through a plugin part of the standard VM. Of course, the
smalltalk implementation can be used as a fallback for platforms where a
plugin isn't available.

> Sven

Miguel Cobá

More information about the Pharo-project mailing list