[openssl-users] OpenSSL performance issue
Brian Reichert
reichert at numachi.com
Fri Dec 19 15:17:43 UTC 2014
On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote:
> As you can see the big time difference between the two executions - which
> actually involve the same application level data. The largest chunk of
> time is spent waiting for handshake from *Proxy Server*. The response time
> of *Proxy Server* in replying back with ServerHello, varies greatly
> between 1.5 to 11 seconds across different runs. In the present case it is
> nearly 3.3 seconds - which IMO is not acceptable.
Is Client providing a certicate? Perhaps Proxy is spending time
checking CRLs. That would involve Proxy reaching out to one or
more URLs, with the attendant latencies of DNS resolution, TCP
session setup, and HTTP requests.
Do you have any intrumentation showing you what activity Proxy is
doing between ClientHEllo and ServerHello?
> Thanks, for reading through such a lengthy email. If anybody can kindly
> provide his inputs, or even point me in the right direction, I shall be
> highly grateful. Any other comments or suggestions are also highly
> welcome. Thanks for your patience,
> ?
> Prabhat.
>
>
> _______________________________________________
> openssl-users mailing list
> openssl-users at openssl.org
> https://mta.opensslfoundation.net/mailman/listinfo/openssl-users
--
Brian Reichert <reichert at numachi.com>
BSD admin/developer at large
More information about the openssl-users
mailing list