[openssl-users] OpenSSL performance issue
Matt Caswell
matt at openssl.org
Fri Dec 19 15:32:35 UTC 2014
On 19/12/14 15:17, Brian Reichert wrote:
> On Fri, Dec 19, 2014 at 02:30:07AM +0530, Prabhat Puroshottam wrote:
>> As you can see the big time difference between the two executions - which
>> actually involve the same application level data. The largest chunk of
>> time is spent waiting for handshake from *Proxy Server*. The response time
>> of *Proxy Server* in replying back with ServerHello, varies greatly
>> between 1.5 to 11 seconds across different runs. In the present case it is
>> nearly 3.3 seconds - which IMO is not acceptable.
> Is Client providing a certicate? Perhaps Proxy is spending time
> checking CRLs. That would involve Proxy reaching out to one or
> more URLs, with the attendant latencies of DNS resolution, TCP
> session setup, and HTTP requests.
>
Client certificates are not provided as part of the ClientHello, so I
don't think this is the problem.
Matt
More information about the openssl-users
mailing list