Hi. I wrote the post, happy to answer questions.

* yes, more modern versions of Go would likely mitigate some of the memory pain
* yes, crypto/tls is fast now
* no, crypto/tls still has insufficient functionality for implementing this. crypto/tls implicitly assumes you want to authenticate the channel through certificates, which Tor doesn't do
* I was using go 1.4
* yes, I tried Rust
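Added example (not code from the post or from anyone in this thread) of the point in the third bullet above: by default crypto/tls authenticates the peer through a CA chain, and the only hook for doing anything else is VerifyPeerCertificate, which arrived in Go 1.8 and so was not available to the Go 1.4 code discussed here. The certificate it builds is a constructed fixture; a client using PinConfig trusts exactly one public key and no certificate authority.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"time"
)

// NewSelfSigned builds a throwaway self-signed certificate (constructed fixture)
// and the SHA-256 of its SubjectPublicKeyInfo, the value a client would pin.
func NewSelfSigned() (tls.Certificate, [32]byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, sha256.Sum256(leaf.RawSubjectPublicKeyInfo)
}

// PinConfig turns off the built-in CA-chain and hostname checks and replaces them
// with one rule: the peer's leaf public key must hash to pin (Go 1.8+ callback).
func PinConfig(pin [32]byte) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // acceptable only because the callback re-verifies
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 {
				return errors.New("peer sent no certificate")
			}
			leaf, err := x509.ParseCertificate(raw[0])
			if err != nil {
				return err
			}
			if sha256.Sum256(leaf.RawSubjectPublicKeyInfo) != pin {
				return errors.New("peer public key does not match the pin")
			}
			return nil // identity established without any certificate authority
		},
	}
}
```

Passing the returned config to tls.Dial runs the callback during the handshake, with verifiedChains nil because chain building was skipped.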
There were some very significant[0] crypto speed improvements in the Go 1.6 releases. It would be interesting to see how well a pure go implementation would perform.

[0] Russ Cox mentions a ~10x performance improvement in a TLS benchmark between 1.5 and 1.6.2 at https://github.com/golang/go/issues/15713
The author doesn't indicate what version of Go they were attempting to use, but in the last two years, Go has seen many improvements by their very active dev team.

Notably, there were several changes to crypto in 1.5: https://golang.org/doc/go1.5#minor_library_changes

1.6: https://golang.org/doc/go1.6#minor_library_changes

and 1.7: https://golang.org/doc/go1.7#minor_library_changes
I posted this because I was interested to see if anyone else had experienced gaps in the golang `crypto/tls` library. The original author is pretty scathing about Go's implementation, but my impression thus far has been that it's an amazing quality part of the Go standard lib.

I'd take it any day over openssl, that is for sure. I wish the author had published methodology on the benchmark comparison; it would be interesting to dissect that.
The article seems to contradict itself, between "the Go implementation broke the speed record" and "Go makes the product too slow."

Granted, the cgo stuff and the memory usage would be something that one needs to deal with. Did you talk to go-nuts at all? They might've been able to offer some more insight into all of this, a better way to deal with the cgo related issue, and perhaps even make some changes to handle these kinds of cases better.
> Go has its own TLS implementation called "crypto/tls", apparently because agl__, one of the people working on the language, decided so.

I thought it was rewritten because of the terrible quality of the OpenSSL code, which turned out to be a very good decision.