Why some Tor servers are slow (was Re: TOR Park Exit Node Question)

Giorgos Pallas gpall at ccf.auth.gr
Mon Oct 3 08:25:05 UTC 2005



Roger Dingledine wrote:

>So masquerade is somehow not putting much attention into its ssl
>handshakes. This could be because its network connection is actually
>through a proxy or a firewall that is dropping some of the packets or
>slowing things down tremendously. It could also be that it's running on
>a 100 mhz 486, or its ulimits are set to something crazy-low, or it's
>busy ray-tracing a movie, or something else.
>
>I'd be curious to learn what's up with it. I've seen this behavior before
>on Windows machines behind cable modems and crappy NAT boxes.
>
>--Roger
>  
>
I am also curious to know what is wrong with my server. Masquerade is a 
Debian Linux (latest release) box, with an Athlon 500 MHz, and 256 MB 
RAM. It is not behind any NAT, it has a direct, switched connection to 
the internet at 100 Mbps.

Using the command Peter Palfrader gave, I was able to reproduce the 
problem on the very box, so the network can't have anything to do with 
it (I guess):

postmortem:# time openssl s_client -connect 155.207.113.227:9001
CONNECTED(00000003)
depth=1 /O=TOR/CN=masquerade <identity>
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/O=TOR/CN=masquerade
   i:/O=TOR/CN=masquerade <identity>
 1 s:/O=TOR/CN=masquerade <identity>
   i:/O=TOR/CN=masquerade <identity>
---
Server certificate
-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----
subject=/O=TOR/CN=masquerade
issuer=/O=TOR/CN=masquerade <identity>
---
No client certificate CA names sent
---
SSL handshake has read 1469 bytes and written 344 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: ...
    Key-Arg   : None
    Start Time: 1128325862
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
read:errno=0

real    0m46.904s
user    0m0.093s
sys     0m0.007s



So, something is going wrong specifically with ssl because if you try to 
make other connections to the server (e.g. web browse: 
http://postmortem.csd.auth.gr), it works very fast. So, how could I 
further troubleshoot ssl? Using some openssl parameters maybe? Any ideas?
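
One way to narrow this down, as an added example that is not part of the original message: time the TCP connect and the TLS handshake separately, since the wall-clock `time` around `openssl s_client` covers the whole session, including any wait after the handshake until the connection closes. The function names and the stalling local listener are constructed for illustration; certificate verification is disabled because the relay's certificate is self-signed.

```python
import socket
import ssl
import time


def time_tls_phases(host, port, timeout=5.0):
    """Return (tcp_seconds, tls_seconds, outcome) for one connection."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # timing only: the relay cert is self-signed
    ctx.verify_mode = ssl.CERT_NONE
    t0 = time.monotonic()
    sock = socket.create_connection((host, port), timeout=timeout)
    t1 = time.monotonic()            # TCP three-way handshake finished
    try:
        sock = ctx.wrap_socket(sock, do_handshake_on_connect=False)
        sock.settimeout(timeout)
        sock.do_handshake()          # ClientHello through Finished
        outcome = "ok: %s %s" % (sock.version(), sock.cipher()[0])
    except socket.timeout:
        outcome = "handshake timed out"
    except (ssl.SSLError, OSError) as exc:
        outcome = "handshake failed: %s" % type(exc).__name__
    finally:
        t2 = time.monotonic()
        sock.close()
    return t1 - t0, t2 - t1, outcome


def start_stalling_listener():
    """Constructed peer: completes TCP connects but never answers TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)                    # kernel accepts; nothing reads the ClientHello
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Demo against the constructed stalling peer, not a real relay.
    srv, port = start_stalling_listener()
    tcp_s, tls_s, outcome = time_tls_phases("127.0.0.1", port, timeout=2.0)
    print("tcp connect  : %.3fs" % tcp_s)
    print("tls handshake: %.3fs (%s)" % (tls_s, outcome))
    srv.close()
```

A fast TCP connect with a slow or timed-out handshake points at the TLS layer of the server process rather than the network path.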


