[openssl-users] Performance problems with OpenSSL and threading

John Foley foleyj at cisco.com
Fri May 1 12:36:58 UTC 2015


The changes to SSL_locking_callback() look good.  But the code you've
added to SSL_CTX_add_extra_chain_cert_file() doesn't accomplish much. 
You're checking if FIPS is on or off, then setting the FIPS mode to the
current setting, which is a no-op.


On 04/30/2015 09:49 PM, Bryan Call wrote:
> (plain text and removed most of the history)
>
> John, if you don’t mind reviewing my change to Apache Traffic Server.  It seems to be working very well.  Thank you again!
>
> https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=blobdiff;f=iocore/net/SSLUtils.cc;h=0b732440636ab4e9eaedf237a5674bdc790c3e73;hp=2fae4820d7bab301340368e6be22445476d8d948;hb=d41e96f;hpb=ba1d6f7c9394c5efadb68cf9cf06f9b90f267b09
>
> -Bryan
>
>> On Apr 30, 2015, at 3:52 PM, Bryan Call <bcall at apache.org> wrote:
>>
>> This is for Apache Traffic Server and we have no knobs for turning on/off FIPS.  I am thinking about always disabling FIPS right now and that would happen before we create the threads. 
>>
>> I was able to get rid of all the FIPS lock connection with the changes you recommend (Big Thanks!).  The big one now is type 1.  I am printing out the log every time the contention total is mod 1M.  Are there any tricks I can do for type 1 locks?
>>
>> [Apr 30 22:46:49.549] Server {0x7f1e4531d700} ERROR: contention for lock - total contention: 4000000 waiting: 1 file: pmeth_lib.c line: 185 type: 10
>> [Apr 30 22:46:49.688] Server {0x7f1e45822700} ERROR: contention for lock - total contention: 11000000 waiting: 2 file: err.c line: 469 type: 1
>> [Apr 30 22:46:50.406] Server {0x7f1e45c26700} ERROR: contention for lock - total contention: 4000000 waiting: 0 file: ex_data.c line: 304 type: 2
>> [Apr 30 22:46:50.932] Server {0x7f1e45b25700} ERROR: contention for lock - total contention: 12000000 waiting: 5 file: err.c line: 446 type: 1
>> [Apr 30 22:46:52.001] Server {0x7f1e45721700} ERROR: contention for lock - total contention: 1000000 waiting: 0 file: rand_lib.c line: 212 type: 19
>>
>> -Bryan
>>
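Added example (not part of the original messages or of Apache Traffic Server): a Python script that ranks the lock types in the contention log quoted above by their share of total contention. The type-to-name mapping follows the OpenSSL 1.0.x `crypto.h` lock numbering; treating "total contention" as a cumulative per-type counter is an assumption made here, as are the function names.

```python
import re
from collections import defaultdict

# Lock type numbers from OpenSSL 1.0.x crypto.h (only the types seen in the log).
LOCK_NAMES = {1: "CRYPTO_LOCK_ERR", 2: "CRYPTO_LOCK_EX_DATA",
              10: "CRYPTO_LOCK_EVP_PKEY", 19: "CRYPTO_LOCK_RAND2"}

LINE_RE = re.compile(
    r"contention for lock - total contention: (?P<total>\d+) waiting: (?P<waiting>\d+) "
    r"file: (?P<file>\S+) line: (?P<line>\d+) type: (?P<type>\d+)")

# Sample input: the five log lines quoted in the message above.
SAMPLE_LOG = """\
[Apr 30 22:46:49.549] Server {0x7f1e4531d700} ERROR: contention for lock - total contention: 4000000 waiting: 1 file: pmeth_lib.c line: 185 type: 10
[Apr 30 22:46:49.688] Server {0x7f1e45822700} ERROR: contention for lock - total contention: 11000000 waiting: 2 file: err.c line: 469 type: 1
[Apr 30 22:46:50.406] Server {0x7f1e45c26700} ERROR: contention for lock - total contention: 4000000 waiting: 0 file: ex_data.c line: 304 type: 2
[Apr 30 22:46:50.932] Server {0x7f1e45b25700} ERROR: contention for lock - total contention: 12000000 waiting: 5 file: err.c line: 446 type: 1
[Apr 30 22:46:52.001] Server {0x7f1e45721700} ERROR: contention for lock - total contention: 1000000 waiting: 0 file: rand_lib.c line: 212 type: 19
"""

def parse(text):
    """Yield one record per contention line; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if m:
            yield {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}

def summarize(text):
    """Rank lock types by contention: [(type, name, total, share, call sites)].

    Assumption: 'total contention' is a cumulative per-type counter, so the
    largest value logged for a type is its current total.
    """
    totals, sites = defaultdict(int), defaultdict(set)
    for rec in parse(text):
        totals[rec["type"]] = max(totals[rec["type"]], rec["total"])
        sites[rec["type"]].add(f'{rec["file"]}:{rec["line"]}')
    grand = sum(totals.values())
    rows = [(t, LOCK_NAMES.get(t, f"type {t}"), n, n / grand if grand else 0.0,
             sorted(sites[t])) for t, n in totals.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for t, name, n, share, where in summarize(SAMPLE_LOG):
        print(f"{name:<22}{n:>10} {share:6.1%}  {', '.join(where)}")
```

Feeding it a longer capture of the same log format shows whether the error-queue lock (type 1) stays dominant once the FIPS-related contention is gone.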