OpenSSL performance issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to summarize the problem again, since the previous 
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:

We have a product, where Client connects to Server (Proxy Server in my 
earlier mail). Client is implemented in C and uses OpenSSL, while Server is 
implemented using Java code with BufferedInputStream and 
BufferedOutputStream. The following are my observations:

1. There is "inordinate" delay during connection establishment.
2. Using ssldump it was found that SSL handshake response from Server is 
??? taking most of the time. Rest of the application data transfer and 
??? processing hardly takes fraction of a second. The response from SSL 
??? handshake by Server comes after anywhere between 2 to 13 seconds 
??? after initial response sent by Client.
3. Subsequent analysis of the code showed that it was the first Buffered 
?? Read/Write which was taking "inordinate" amount of time.
4. Understanding that first Buffered Read/Write was hung on SSL connection 
??? completion, I introduced SSLConnect::startHandshake() so that I can 
??? explicitly see where is the problem. It was observed that now 
??? startHandshake() blocked for as much time as first Read/Write did. 
??? Further none of the Read/Write calls block, and returned data almost 
??? immediately.

I would like to understand why startHandshake() is taking so long. I 
understand that it is a asynchronous call, but still the time delay is too much
IMO. Is it something to do with the socket configuration/cipher/encryption 
used? Using ssldump I found there was absolutely no data transfer 
between the sending of client's hello request and subsequent response 
from server, so apparently all the time startHandshake() is busy doing 
something or may be nothing - what I have no idea. FWIW, this is not a 
network latency issue, 1) all the boxes are on the same network, 2) all 
other data transfers combined takes less than 0.4s.

Can somebody kindly suggest what might be wrong or what can be done to 
fix this? Could it be some Socket or SSL setting, encryption/cipher used, or 
something else?


-Prabhat
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux