[openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread
Hubert Kario
hkario at redhat.com
Tue Dec 1 10:38:29 UTC 2015
On Tuesday 01 December 2015 09:21:34 Paul Dale wrote:
> > are you sure that the negotiated cipher suite is the same and that
> > the NSS is not configured to reuse the server key share if you're
> > using DHE or ECDHE?
>
> There is definitely scope for improvement here. My atomic operation
> suggestion is one approach which was quick and easy to validate,
> better might be more locks since it doesn't introduce a new paradigm
> and is more widely supported (C11 notwithstanding).
I'm not saying there is no room for improvement or that the improvements
are useless. But as long as we're not comparing apples-to-apples the
statistic is useless.
Other things to look for: ServerKeyExchange curve or group and signature
algorithm used as well as the key size of server. Each of those things
can have impact completely overshadowing the lock contention differences
(picking big RSA key size can easily slash performance by an order of
magnitude).
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151201/b3230ef5/attachment.sig>
More information about the openssl-dev
mailing list