Florian Loitsch edited this page Nov 13, 2024 · 1 revision

The cost of a TLS connection depends heavily on the server and the certificates it uses. In general, it is affected by:

  • the size of the certificate itself
  • the algorithm used
  • whether the server supports TLS resume (for subsequent connections)

If the session is symmetric, Toit can use a more efficient implementation that doesn't need mbedTLS once the connection is established.

The following program tests whether a connection to a server can use Toit mode, and whether the server supports TLS resume.

import certificate-roots
import net
import net.modules.tcp
import tls

HOSTS ::= [
  "toit.io",
]

main:
  network ::= net.open
  certificate-roots.install-common-trusted-roots
  HOSTS.do: | host/string |
    print "-------- HOST $host --------"
    saved-session := null
    2.repeat: | iteration |
      if iteration != 0:
        sleep --ms=200

      raw := tcp.TcpSocket network
      raw.connect host 443
      socket := tls.Socket.client raw
          --server-name=host

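      // Offer the session state saved from the first connection, if any.
      if saved-session:
        socket.session-state = saved-session
      e := catch:
        duration := Duration.of: socket.handshake

        // On the second connection, reaching this line means the handshake
        // with the saved session state did not throw.
        if iteration != 0: print "Session resumed"

        saved-session = socket.session-state

        writer := socket.out
        writer.write """GET / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n"""
        if iteration == 0:
          // session_ is an internal field, reached here through the `any` cast.
          print "$((socket as any).session_.mode == tls.SESSION-MODE-TOIT ? "Toit mode" : "MbedTLS mode")"
      // Any exception from the block above is reported as a failed resume.
      if e: print "No session resume"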
      socket.close
      raw.close

You want to see:

Toit mode
Session resumed