[openssl-dev] [openssl-team] Discussion: design issue: async and -lpthread

Paul Dale paul.dale at oracle.com
Mon Nov 30 23:21:34 UTC 2015


> are you sure that the negotiated cipher suite is the same and that the 
> NSS is not configured to reuse the server key share if you're using DHE 
> or ECDHE?

The cipher suite was the same.  I'd have to check to see exactly which was used.  It is certainly possible that NSS was configured as you suggest and, if so, this would improve its performance.


However, the obstacle preventing 100% CPU utilisation for both stacks is lock contention.  The NSS folks apparently spent a lot of effort addressing this and they have a far more scalable locking model than OpenSSL: one lock per context for all the different kinds of context versus a small number of global locks.

There is definitely scope for improvement here.  My atomic operation suggestion is one approach which was quick and easy to validate; better might be more locks, since it doesn't introduce a new paradigm and is more widely supported (C11 notwithstanding).


Regards,

Pauli
-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia
