[openssl-users] OpenSSL performance issue

Prabhat Puroshottam prabhat.puroshottam at outlook.com
Thu Dec 18 23:10:10 UTC 2014


I am trying to summarize the problem again, since the previous 
mail seems confusing to some of you. It might help you quickly understand
the problem I am facing:

We have a product, where Client connects to Server (Proxy Server in my 
earlier mail). Client is implemented in C and uses OpenSSL, while Server is 
implemented using Java code with BufferedInputStream and 
BufferedOutputStream. The following are my observations:

1. There is "inordinate" delay during connection establishment.
2. Using ssldump it was found that the SSL handshake response from Server is 
   taking most of the time. The rest of the application data transfer and 
   processing hardly takes a fraction of a second. The response from SSL 
   handshake by Server comes anywhere between 2 and 13 seconds 
   after the initial response sent by Client.
3. Subsequent analysis of the code showed that it was the first Buffered 
   Read/Write which was taking an "inordinate" amount of time.
4. Understanding that the first Buffered Read/Write was hung on SSL connection 
   completion, I introduced SSLConnect::startHandshake() so that I can 
   explicitly see where the problem is. It was observed that now 
   startHandshake() blocked for as much time as the first Read/Write did. 
   Further, none of the Read/Write calls blocked, and they returned data almost 
   immediately.

I would like to understand why startHandshake() is taking so long. I 
understand that it is an asynchronous call, but still the time delay is too much
IMO. Is it something to do with the socket configuration/cipher/encryption 
used? Using ssldump I found there was absolutely no data transfer 
between the sending of the client's hello request and the subsequent response 
from the server, so apparently all the time startHandshake() is busy doing 
something or maybe nothing - what, I have no idea. FWIW, this is not a 
network latency issue: 1) all the boxes are on the same network, 2) all 
other data transfers combined take less than 0.4s.

Can somebody kindly suggest what might be wrong or what can be done to 
fix this? Could it be some Socket or SSL setting, encryption/cipher used, or 
something else?


-Prabhat