Opened 6 years ago

Closed 6 years ago

#4603 closed defect (fixed)

Lower HTTP Keep-Alive limit

Reported by: mikeperry Owned by: mikeperry
Priority: High Milestone: TorBrowserBundle 2.2.x-stable
Component: Firefox Patch Issues Version:
Severity: Keywords: MikePerryIterationFires20111211
Cc: g.koppen@… Actual Points: 3
Parent ID: Points: 3
Reviewer: Sponsor:

Description

We should lower how long HTTP Keep-Alive connections are kept around, to reduce linkability. Perhaps it should be a function of time-since-last-use not total age. Or perhaps not.

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by gk

Cc: g.koppen@… added

comment:2 Changed 6 years ago by mikeperry

Keywords: MikePerryIterationFires20111211 added

In fact, the keep alive timeout already is a function of time since last socket read (see nsHttpConnection::OnSocketReadable and follow mLastReadTime around to other functions). I think this means we can safely set it very low and still get performance benefits while limiting linkability.

It is somewhat hard to tell for sure that the code can properly handle the case where we get *no* data in the keepalive timeout timeframe, but the comment in nsHttpConnection::OnInputStreamReady() makes me think it can, as does testing with a timeout of 1 second against a image-heavy site over Tor.

So, how low should we go?

comment:3 Changed 6 years ago by mikeperry

Actual Points: 3
Points: 3
Resolution: fixed
Status: newclosed

Roger talked me out of 1 second, since he felt that performance was more important than reducing this linkability to a minimum.

So I am going with 20 seconds here, as a compromise between linkability and performance for AJAX webapps.

Note: See TracTickets for help on using tickets.