[squeak-dev] Re: SqueakSSL

Ron Teitelbaum ron at usmedrec.com
Thu Feb 13 03:51:11 UTC 2014



> -----Original Message-----
> 
> Colin Putney-3 wrote
> > On Wed, Feb 12, 2014 at 6:39 PM, Göran Krampe <
> 
> > goran@
> 
> > > wrote:
> >
> >> On 02/12/2014 11:11 PM, Colin Putney wrote:
> >>
> >>> Great, this was just the information I needed. Thanks!
> >>>
> >>
> >> I will pack it up and post/send it tomorrow to ... well, Sven and
> >> Eliot etc for committing it.
> >>
> >
> > Great, thanks.
> >
> >
> >> Note - SqueakSSL works just fine for client side stuff. But you don't
> >> want to use it for server side with lots of connections... We kinda
> >> did and realized that hey... there is no threading in this plugin
> >> so... only one connection can decrypt/encrypt at one point in time -
> >> and of course VM stops while it does so. Ouchy.
> >>
> >
> > Right, the client-side is what I'm trying to use it for. My servers
> > are behind a load balancer, which does SSL termination as well. Stud
> > looks pretty awesome, but I haven't had a chance to use it yet. :-)
> >
> > Colin
> 
> You're probably already aware of this but you can also use the webservers to
> encrypt connections from your client to 3rd party servers.  I learned about it
> from here (site is down right now):
> http://www.monkeysnatchbanana.com/posts/2010/06/22/faking-a-https-
> client-for-glass.html
> 
> instead of connecting direct from Squeak to
> 
> https://api.stripe.com (or any 3rd party)
> 
> 1. set an alias in your /etc/hosts file for the 3rd party
> 
> 127.0.0.1 stripe
> 
> from Squeak connect to
> 
> http://stripe
> 
> and have your webserver proxy those connections to  the 3rd party e.g. in nginx
> something like this
> 
> server
> {
>   server_name stripe;
>   allow 127.0.0.1;
>   deny all;
>   location /
>   {
>     proxy_pass https://api.stripe.com;
>   }
> }
> 
> 
> 
> hope this helps
> 
> Paul
> 

Hey Paul,

Thanks for that but the problem we were solving was connecting https from a user's client computer to our server via SSL/TLS.  The idea was to protect the traffic from client to server.  Having our squeak client speaking SSL for on both Win and Mac was essential and we use SqueakSSL for that.  We could have used Apache or Nginx to proxy the connection and just now looking at Nginx that might have been a very good solution.  We chose stud because it's clean, works with multiple cores and performs well.  In our experience it just works.  What I like about SqueakSSL is that it uses native SSL implementations so we get the best of the OS SSL implementations, although single threaded, on the client side with no fuss.  Our bottle neck was the server and that is handled well by STUD.  We also use STUD for server to server communication and that too just works really well. 

All the best,

Ron Teitelbaum
Head Of Engineering
3d Immersive Collaboration Consulting
ron at 3dicc.com 
Follow Me On Twitter: @RonTeitelbaum
www.3dicc.com  
https://www.google.com/+3dicc
https://www.google.com/+RonTeitelbaum 







More information about the Squeak-dev mailing list