On 10/17/2016 08:48 PM, Cyril Brulebois wrote: > Philipp Kern <pkern@debian.org> (2016-10-17): >> On 10/17/2016 05:39 PM, Cyril Brulebois wrote: >>> AFAICT from a recent https deployment, apt will perform a TLS handshake >>> for each and every file it downloads from the mirror; including indices, >>> translations, pdiffs, and finally debian packages. >> Last I checked it pipelined within a single TLS connection (well, one >> per host). A casual Wireshark seems to confirm that. > Ah. What I saw might have been due to client cert auth then? I guess I > should revisit this setup when I find more time. There's also Pipeline- > Depth option's being advertised as not supported for https, too. We use it with a TPM-backed client certificate, so redoing the handshake all the time would be quite slow. cURL keeps open connections around in its handle as created by curl_easy_init(). Kind regards Philipp Kern
Attachment:
signature.asc
Description: OpenPGP digital signature