greghendershott/tls.rkt

## tls.rkt
#lang racket/base

(require openssl
         racket/contract)

(provide ports->tls-ports/accept
         ports->tls-ports/connect)

(define pem (build-path (collection-path "openssl") "test.pem"))
(define server-ctx (ssl-make-server-context 'tls12))
(ssl-load-certificate-chain!      server-ctx pem)
(ssl-load-private-key!            server-ctx pem)
(ssl-server-context-enable-ecdhe! server-ctx 'secp521r1)

(define client-ctx (ssl-make-client-context 'tls12))
(ssl-set-ciphers! client-ctx "ECDHE-RSA-AES128-SHA256")

(define/contract (ports->tls-ports/accept in out)
  (-> input-port? output-port? (values input-port? output-port?))
  (ports->ssl-ports in
                    out
                    #:mode               'accept
                    #:context            server-ctx
                    #:close-original?    #t
                    #:shutdown-on-close? #t))

(define/contract (ports->tls-ports/connect in out)
  (-> input-port? output-port? (values input-port? output-port?))
  (ports->ssl-ports in
                    out
                    #:mode               'connect
                    #:context            client-ctx
                    #:close-original?    #t
                    #:shutdown-on-close? #t))

(module+ main
  (require rackunit)

  (define (ex tls?)
    (define-values (r1 w2) (make-pipe))
    (define-values (r2 w1) (make-pipe))

    (define big-bstr (make-bytes (* 8 1024 1024)))

    (define server-thread
      (thread
       (λ ()
         (define-values (r w)
           ((if tls? ports->tls-ports/accept values)
             r2 w2))
         (check-equal? (write-bytes big-bstr w) (bytes-length big-bstr))
         (close-output-port w))))

    (define-values (r w)
      ((if tls? ports->tls-ports/connect values)
       r1 w1))
    (check-equal? (read-bytes (bytes-length big-bstr) r) big-bstr)
    (check-equal? (read-string 5 r) eof)
    (close-input-port r)
    (close-output-port w)
    (thread-wait server-thread))

  (time (ex #f))
  (time (ex #t)))

;; The TLS version takes much longer.
;; GC time is about 40-60% of real time.
;;
;;
;; Windows 10
;; $ Racket.exe tls.rkt
;; cpu time: 63 real time: 68 gc time: 31
;; cpu time: 8766 real time: 8862 gc time: 3564
;;
;; Ubuntu on Windows Subsystem for Linux
;; $ ~/racket/bin/racket tls.rkt
;; cpu time: 157 real time: 151 gc time: 62
;; cpu time: 8593 real time: 8612 gc time: 5469
;;
;; macOS
;; $ racket tls.rkt
;; cpu time: 38 real time: 39 gc time: 10
;; cpu time: 2705 real time: 2733 gc time: 1367
	#lang racket/base

	(require openssl
	racket/contract)

	(provide ports->tls-ports/accept
	ports->tls-ports/connect)

	(define pem (build-path (collection-path "openssl") "test.pem"))
	(define server-ctx (ssl-make-server-context 'tls12))
	(ssl-load-certificate-chain! server-ctx pem)
	(ssl-load-private-key! server-ctx pem)
	(ssl-server-context-enable-ecdhe! server-ctx 'secp521r1)

	(define client-ctx (ssl-make-client-context 'tls12))
	(ssl-set-ciphers! client-ctx "ECDHE-RSA-AES128-SHA256")

	(define/contract (ports->tls-ports/accept in out)
	(-> input-port? output-port? (values input-port? output-port?))
	(ports->ssl-ports in
	out
	#:mode 'accept
	#:context server-ctx
	#:close-original? #t
	#:shutdown-on-close? #t))

	(define/contract (ports->tls-ports/connect in out)
	(-> input-port? output-port? (values input-port? output-port?))
	(ports->ssl-ports in
	out
	#:mode 'connect
	#:context client-ctx
	#:close-original? #t
	#:shutdown-on-close? #t))

	(module+ main
	(require rackunit)

	(define (ex tls?)
	(define-values (r1 w2) (make-pipe))
	(define-values (r2 w1) (make-pipe))

	(define big-bstr (make-bytes (* 8 1024 1024)))

	(define server-thread
	(thread
	(λ ()
	(define-values (r w)
	((if tls? ports->tls-ports/accept values)
	r2 w2))
	(check-equal? (write-bytes big-bstr w) (bytes-length big-bstr))
	(close-output-port w))))

	(define-values (r w)
	((if tls? ports->tls-ports/connect values)
	r1 w1))
	(check-equal? (read-bytes (bytes-length big-bstr) r) big-bstr)
	(check-equal? (read-string 5 r) eof)
	(close-input-port r)
	(close-output-port w)
	(thread-wait server-thread))

	(time (ex #f))
	(time (ex #t)))

	;; The TLS version takes much longer.
	;; GC time is about 40-60% of real time.
	;;
	;;
	;; Windows 10
	;; $ Racket.exe tls.rkt
	;; cpu time: 63 real time: 68 gc time: 31
	;; cpu time: 8766 real time: 8862 gc time: 3564
	;;
	;; Ubuntu on Windows Subsystem for Linux
	;; $ ~/racket/bin/racket tls.rkt
	;; cpu time: 157 real time: 151 gc time: 62
	;; cpu time: 8593 real time: 8612 gc time: 5469
	;;
	;; macOS
	;; $ racket tls.rkt
	;; cpu time: 38 real time: 39 gc time: 10
	;; cpu time: 2705 real time: 2733 gc time: 1367