Keepping certificates in memory or loading on every connection

[metalefty]

I came up with this comment:

#1976 (comment)

It would be nice to only get the setup stuff like cert and cipher information on first startup, not for every connection:

Using default X.509 certificate: /etc/xrdp/cert.pem
Using default X.509 key file: /etc/xrdp/key.pem

IIRC, xrdp doesn't keep TLS certificates in memory but loads on every connection. I personally +1 to the current behaviour but I would like to discuss this with you.

Here're pros and cons. I think RDP connection is long-living, unlike HTTPS. So there's less chance that loading certificates 100 times per second happen. Except for brute-force or port scanning attacks. Even in that case, the overhead of TLS handshake is much bigger than certificate file loading.

If we change to keeping certificates in memory, we also should implement reloading on SIGHUP.

pros

• Reload not required after certificate renewal

cons

• File loading/opening overhead

[matt335672]

At the moment the TLS load happens after the xrdp fork for an incoming connection. I also think this is correct behaviour. If the user changes the certificate and key (which may be required in an enterprise), it is not necessary to restart xrdp.

I don't know whether the certificate and key are stored in the buffer cache when loaded. If they are, that reduces the overhead even further. These are pretty tiny files anyway.

The SIGHUP is definitely broken at the moment. We're doing all sorts of stuff in signal handlers that isn't safe (see sidnal-safety(7) for a Linux list). Ideally the signal handlers would send a message to the main process loop where the signal gets processed like everything else.