[openssl-users] Performance problems with OpenSSL and threading

Bryan Call bcall at apache.org
Fri May 8 17:01:53 UTC 2015 

It is in non-blocking mode.

After removing the call to SSL_get_error for the SSL_read case (0 return value) I discovered we call SSL_get_error in a couple more places.  Here is a simple request and the return codes on SSL_accept, SSL_read, and SSL_write and the return codes from SSL_get_error.  Every time we get a return code that is <= 0 we call SSL_get_error.  For a simple request we call it 5 times!

[May  8 09:38:01.075] Server {0xe95c000} DEBUG: <SSLUtils.cc:2111 (SSLAccept)> (bcall) SSL_accept - return value: -1 SSL_get_error: 2 errno: 0 shutdown: 0
[May  8 09:38:01.081] Server {0xe95c000} DEBUG: <SSLUtils.cc:2099 (SSLAccept)> (bcall) SSL_accept - return value: 1 SSL_get_error: 0 errno: 0 shutdown: 0
[May  8 09:38:01.081] Server {0xe95c000} DEBUG: <SSLUtils.cc:2087 (SSLReadBuffer)> (bcall) SSL_read - bytes: 0 return value: -1 SSL_get_error: 2 errno: 35 shutdown: 0
[May  8 09:38:01.103] Server {0xe95c000} DEBUG: <SSLUtils.cc:2066 (SSLReadBuffer)> (bcall) SSL_read - bytes: 0 return value: 73 SSL_get_error: 0 errno: 0 shutdown: 0
[May  8 09:38:01.103] Server {0xe95c000} DEBUG: <SSLUtils.cc:2087 (SSLReadBuffer)> (bcall) SSL_read - bytes: 0 return value: -1 SSL_get_error: 2 errno: 35 shutdown: 0
[May  8 09:38:01.113] Server {0xe95c000} DEBUG: <SSLUtils.cc:2033 (SSLWriteBuffer)> (bcall) SSL_write - bytes: 0 return value: 364 SSL_get_error: 0 errno: 0 shutdown: 0
[May  8 09:38:01.113] Server {0xe95c000} DEBUG: <SSLUtils.cc:2033 (SSLWriteBuffer)> (bcall) SSL_write - bytes: 0 return value: 249 SSL_get_error: 0 errno: 0 shutdown: 0
[May  8 09:38:01.113] Server {0xe95c000} DEBUG: <SSLUtils.cc:2087 (SSLReadBuffer)> (bcall) SSL_read - bytes: 0 return value: -1 SSL_get_error: 2 errno: 35 shutdown: 0
[May  8 09:38:01.113] Server {0xe95c000} DEBUG: <SSLUtils.cc:2087 (SSLReadBuffer)> (bcall) SSL_read - bytes: 0 return value: 0 SSL_get_error: 6 errno: 0 shutdown: 2

errno value from above (on OSX):
sys/errno.h:#define	EAGAIN		35		/* Resource temporarily unavailable */

If someone knows of a good way to reduce the number of calls to SSL_get_error that would be really helpful.  I am trying to push 20Gbits/second on this server.  I am hoping that I can get the same results as I would have from SSL_get_error, by looking at other variables in the SSL structure or errno or should I wait for the lock handling to be cleaned up in the error-stack?

-Bryan




> On May 7, 2015, at 10:59 AM, John Foley <foleyj at cisco.com> wrote:
> 
> Not sure.  
> 
> Are you using blocking or non-blocking IO?  
> Have you tried SSL_MODE_AUTO_RETRY?
> Do you notice a different return value from SSL_read() after a zero byte read compared to other errors?
>

More information about the openssl-users mailing list