Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder1.xlned.com!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.078 X-Spam-Evidence: '*H*': 0.85; '*S*': 0.00; 'handful': 0.09; 'http': 0.09; 'subject:How': 0.10; '4:25': 0.16; 'bonus,': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'link,': 0.16; 'once.': 0.16; 'seconds.': 0.16; 'subject:limit': 0.16; 'elements': 0.16; 'sat,': 0.16; 'wrote:': 0.18; 'do.': 0.18; 'seems': 0.21; 'load': 0.23; 'browsers': 0.24; 'fine': 0.24; 'server.': 0.24; "i've": 0.25; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message-id:@mail.gmail.com': 0.30; 'page.': 0.31; 'requests': 0.31; 'bunch': 0.31; 'fixing': 0.31; 'once,': 0.31; 'overhead': 0.31; 'requesting': 0.31; 'another': 0.32; 'open': 0.33; 'connection': 0.35; 'something': 0.35; 'one,': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'done': 0.36; 'subject:?': 0.36; 'server': 0.38; 'connections': 0.38; 'nov': 0.38; 'to:addr :python-list': 0.38; 'previous': 0.38; 'to:addr:python.org': 0.39; 'even': 0.60; 'establish': 0.61; 'browser': 0.61; 'series': 0.66; '2-3': 0.68; 'secure': 0.71; 'cut': 0.74; "everything's": 0.84; 'insecure': 0.84; 'ridiculously': 0.84; 'subject:tell': 0.84; 'cutting': 0.91; 'edwards': 0.91; 'tunnel': 0.91; '2013': 0.98 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=0Iji5PLiNh1d+KPnoYBH/MYdI5TCzDtR17SL/Vzzd14=; b=dfBiMF3H1aCBdR0D2qjIUw8HP+I0geWeeX0OOy6Mfq5oJ5fAX9G+0Xqi9lx/9c/YOC SrA2I6LkuaCKM94LaOyG9dYjpGl4JNojvP9gLuvWmqBBZ+5WRFPfc8x59rd34wSqnk4r fvl31QTXM7oPteVwS7vQhM5p7i+R5qcqDHFu5OPP8dMtEU1WZ3ZPnHAA2ffPa0vdYZLq XodDJYpLo0aAC7v7TdSRrpI+6pzP76XLYcA1E2o0zfc2g9sl3/YePp9VZ6GYB4ShASlZ w3EuiZQY0DLAwpX9tgIwjR47n9S2O/qlOXDhGi8BYza30PO307M9Y38ul9z8+LTBxItL /nAw== MIME-Version: 1.0 X-Received: by 10.52.33.147 with SMTP id r19mr2612389vdi.37.1383934609880; Fri, 08 Nov 2013 10:16:49 -0800 (PST) In-Reply-To: References: Date: Sat, 9 Nov 2013 05:16:49 +1100 Subject: Re: OT: How to tell an HTTP client to limit parallel connections? From: Chris Angelico To: python-list@python.org Content-Type: text/plain; charset=ISO-8859-1 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 24 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1383934618 news.xs4all.nl 15934 [2001:888:2000:d::a6]:46442 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:58833 On Sat, Nov 9, 2013 at 4:25 AM, Grant Edwards wrote: > I've got a very feeble web server. The crypto handshaking involved in > opening an https: connection takes 2-3 seconds. That would be fine if > a browser opened a single connection and then sent a series of > requests on that connection to load the various elements on a page. > > But that's not what browsers do. They all seem to open whole handful > of connections (often as many as 8-10) and try to load all the page's > elements in parallel. Are you using HTTP 1.1 with connection reuse? Check that both your client(s) and your server are happy to use 1.1, and you may be able to cut down the number of parallel connections. Alternatively, since fixing it at the browser seems to be hard, can you do something ridiculously stupid like... tunnelling insecure HTTP over SSH? That way, you establish the secure tunnel once, and establish a whole bunch of connections over it - everything's still encrypted, but only once. As an added bonus, if clients are requesting several pages serially (user clicks a link, views another page), that can be done on the same connection as the previous one, cutting crypto overhead even further. ChrisA