Rebex TLS does not validate certificates on its own, but uses the operating system for that purpose via .NET Framework API (unless running on .NET Compact Framework, where our libraries do validate certificates as well). This means that the slowdown most likely occurs outside Rebex libraries.
If the application is running on Windows, you can gain some insight into the validation process using the certutil tool. To run the tool, retrieve the server's certificate chain using the following code and save it to a file:

    using System.IO;
    using System.Text;
    using Rebex.Net;
    using Rebex.Security.Certificates;

    // connect to a server and negotiate a session without verifying the certificate
    // (AcceptAll is used here only to capture the chain for diagnosis)
    var client = new TlsClientSocket();
    client.Connect(serverName, serverPort);
    client.Parameters.CertificateVerifier = CertificateVerifier.AcceptAll;
    client.Negotiate();

    // save the certificate chain in a format compatible with Windows 'certutil' tool
    var sb = new StringBuilder();
    foreach (var cert in client.ServerCertificate)
    {
        // write each certificate of the chain as Base64-encoded DER
        var buffer = new MemoryStream();
        cert.Save(buffer, CertificateFormat.Base64Der);
        sb.Append(Encoding.ASCII.GetString(buffer.ToArray()));
    }
    File.WriteAllText("chain.crt", sb.ToString());

Then, run the certutil tool on it in the same environment where the slowdown occurs:

    certutil -verify -urlfetch chain.crt

Does the slowdown occur as well with certutil?
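
As a complement to the certutil run, the following added example (not part of the original answer and not Rebex code) times the operating system's chain validation through the standard .NET `X509Chain` API, once without and once with online revocation checking. It assumes `chain.crt` contains PEM-armored certificates with the server certificate first; the page does not state which .NET call Rebex uses internally, so the `ChainTiming` class is an illustration only.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

static class ChainTiming // hypothetical helper name
{
    static int Main(string[] args)
    {
        // Assumption: chain.crt holds PEM-armored certificates, leaf first.
        string path = args.Length > 0 ? args[0] : "chain.crt";
        var certs = new X509Certificate2Collection();
        var pem = new Regex("-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                            RegexOptions.Singleline);
        foreach (Match m in pem.Matches(File.ReadAllText(path)))
            certs.Add(new X509Certificate2(Convert.FromBase64String(m.Groups[1].Value)));
        if (certs.Count == 0)
        {
            Console.Error.WriteLine("No certificates found in " + path);
            return 1;
        }

        // Build the chain twice: without and with online revocation checking.
        foreach (var mode in new[] { X509RevocationMode.NoCheck, X509RevocationMode.Online })
        {
            var chain = new X509Chain();
            chain.ChainPolicy.RevocationMode = mode;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            chain.ChainPolicy.ExtraStore.AddRange(certs); // intermediates sent by the server

            var sw = Stopwatch.StartNew();
            bool valid = chain.Build(certs[0]);
            sw.Stop();

            Console.WriteLine("{0,-8} valid={1} elapsed={2} ms", mode, valid, sw.ElapsedMilliseconds);
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.WriteLine("  {0}: {1}", s.Status, (s.StatusInformation ?? "").Trim());
            chain.Reset();
        }
        return 0;
    }
}
```

If the `Online` run takes much longer than the `NoCheck` run, the time is being spent retrieving revocation data (CRL or OCSP) rather than in the TLS library. Windows caches retrieved revocation data, so repeated runs on the same machine can be faster than the first.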