Hi All,
I have 5 domains with big TLS certficates like each domain has more than 8K bytes of certificates. I have observed that the kamailio taking quite amount of time to initialize.
I looked at the code and found that the SSL_CONTEXT is initialized for each process. Why can't we use the same SSL_CONTEXT for all process. This will speed up the init time.
I changed using single SSL context for all process and initialization was very fast.
According to my understanding on a new TLS connection SSL structure for a connection shall copy all the data from SSL_CTXT. So there is no sharing of resource here, as SSL_CTXT is readable for all process. So why we have to create SSL_CTXT for each process.
Please let me know if any particular reason to do it.
Thanks
Jijo