Crash in SSL_do_handshake: s->method->ssl_renegotiate_check(s)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/4/15 11:11 am, Jeffrey Walton wrote:
> On Sat, Apr 4, 2015 at 11:03 PM, Michael Clark <michael at metaparadigm.com> wrote:
>> ...
>> Now works on Darwin/OSX: https://github.com/michaeljclark/async_tls_test
>>
>> Just working through poll peculiarities on Linux. Thanks.
> Related: libevent (http://libevent.org/) does a pretty good job of
> abstracting that away. I believe it works on Linux, BSDs, OS X and
> Windows. But you'll have to switch to a fully asynchronous
> architecture.

Thanks. Yes there is ASIO too:

  https://think-async.com/Asio/AsioStandalone
 
http://stackoverflow.com/questions/18506739/boostasio-http-server-extremely-slow

I've looked at libevent. There is also libev and libuv. I think they may
use the BIO method for async operation, which doesn't share fds with
openssl; only memory buffers. The BIO approach may require additional
buffer copies. Extra buffer copies may be negligible compared to the
encryption overhead, however AES-NI is very fast in terms of cycles per
byte.

With connection establishment excluded (a large chunk of the TLS
overhead) and the case of 16 parallel keepalive connections pumping
objects to/from the server (to/from RAM or SSD); the overhead might be
appreciable. I am able to get about 18GB/sec AES encryption with AES-NI
on a 6-core/12-thread machine with openssl AES-NI. That is a substantial
proportion of the memory bandwidth of the machine which is approximately
~60GB/sec. I guess buffer copies will happen in L2/L3 cache where the
bandwidth is higher, so perhaps this is less of an issue.

In any case I was thinking of using the SSL_ERROR_WANT_READ /
SSL_ERROR_WANT_WRITE approach vs the BIO approach. Exploring this at the
moment...

I'm a beggar for punishment and I like to be aware of the quirks at the
foundations and have written my own event abstraction layer that uses
poll, kqueue and epoll. It doesn't handle TLS *yet*. I wanted to
implement a simple poll-based echo server to get the hang of the OpenSSL
API.

    https://github.com/metaparadigm/latypus
    https://github.com/metaparadigm/latypus/blob/master/src/pollset.h

With plain HTTP latypus can do ~255,000 reqs/sec (16 threads) vs nginx
~140,000 req/sec (16 processes), logging enabled, on a 16 core AWS
r3.4xlarge instance. This is mainly due to a more efficient logging
implementation (in memory async ring buffer). latypus is slower than
nginx with logging disabled but it does not have an open file cache. I
would also like to instrument the server to log TLS options, ciphers and
versions. Something most current generation servers do not do. For this
I need to be comfortable with the OpenSSL API. Hence the simple async
echo server.

Also want to use C++1y vs C, and use existing language infrastructure
where possible e.g. std::set, std::map, std::vector, etc

Many of the current C engines reinvent their own hash tables, lists and
buffers. i.e. there are as many hash table implementations as there are
servers.

~mc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150405/297248db/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux