[openssl-users] Session Ticket Support in Openssl TLS 1.2

Matt Caswell matt at openssl.org
Tue Jun 20 09:09:00 UTC 2017 


On 19/06/17 19:11, Neetish Pathak wrote:
> 2) Can you suggest some places to put a time stamp in OpenSSL code. 

I agree with Ben's responses to all your other questions. For this
question, I'm not sure what you are trying to achieve? Starting before
SSL_accept/SSL_connect and finishing after they return should be fine.
Or are you looking for a breakdown of where the time is going?


Matt

> 
> Thanks
> Best Regards,
> Neetish
> 
> On Mon, Jun 19, 2017 at 5:49 AM, Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>     On 16/06/17 23:51, Neetish Pathak wrote:
>     > Thanks Matt, Appreciate ur response and tips
>     >
>     > On Fri, Jun 16, 2017 at 3:36 PM, Matt Caswell <matt at openssl.org <mailto:matt at openssl.org>
>     > <mailto:matt at openssl.org <mailto:matt at openssl.org>>> wrote:
>     >
>     >
>     >
>     >     On 16/06/17 20:08, Benjamin Kaduk via openssl-users wrote:
>     >     > On 06/16/2017 01:58 PM, Neetish Pathak wrote:
>     >     >> Hello
>     >     >> Thanks
>     >     >> I tried reading  some content from the server side and I
>     observed the
>     >     >> new_session_cb getting invoked in that case on the client
>     side. I
>     >     >> understand that may be due to delayed NewSession info
>     transfer from
>     >     >> server side to client side. But it is helpful for saving
>     the session
>     >     >> info on the client side. (Thanks Matt for your input)
>     >     >>
>     >     >> However, now I have two concerns
>     >     >>
>     >     >> 1) I see that latency for handshake with session resumption in
>     >     TLS 1.3
>     >     >> has not improved as much as it improves for TLS 1.2
>     >     >> With TLS 1.3, I observed that resumption brings down the
>     connection
>     >     >> time from 2.5 ms to 1.2-1.3 ms
>     >     >> while with TLS 1.2 (using either session IDs or tickets), the
>     >     >> connection time reduces from 2.5 ms to 0.5-0.6 ms.
>     >     >>
>     >     >> The whole code is similar for running the two experiments
>     with only
>     >     >> max TLS version changed. Can someone comment on the latency
>     >     >> measurements for the two cases.
>     >     >> TLS 1.3 is supposed to be better than TLS 1.2 in my
>     opinion. Please
>     >     >> comment.
>     >     >>
>     >     >
>     >     > Are you seeing a HelloRetryRequest in the resumption flow? 
>     That would
>     >     > add an additional round trip.  (Your numbers in milliseconds
>     are of
>     >     > course not transferrable to other systems; round-trips is an
>     easier to
>     >     > understand number.)  RFC 5246 and draft-ietf-tls-tls13-20
>     both have
>     >     > message-flow diagrams that show the number of round trips in
>     various
>     >     > handshake flows.
>     >
>     >     Care should also be taken about when you are starting your
>     "timer" and
>     >     when you stop it, e.g. if you stop your timer after the
>     session ticket
>     >     data has been received by the client then this is not a "fair"
>     test (the
>     >     connection is ready for data transfer earlier than the arrival
>     of the
>     >     session ticket).
>     >
>     >     I would expect to see the TLS1.3 latency for a full handshake
>     to be
>     >     around the same as for a TLS1.2 resumption handshake. With a
>     TLS1.3
>     >     resumption only marginally different. There are the same
>     number of round
>     >     trips for a TLS1.3 full handshake as that there are for a
>     resumption
>     >     one. The primary difference is that the Certificate message is
>     not sent
>     >     (which can be quite a large message).
>     >
>     >     Your timings suggest you are testing this over a LAN where the
>     effects
>     >     of network latency are going to be relatively low. The real
>     benefits
>     >     from fewer round trips will really be seen when network
>     latency is more
>     >     significant.
>     >
>     >
>     >
>     > In my application program, I put start and stop timer before and after
>     > SSL_accept on server side and before and after SSL_connect on the
>     client
>     > side.
> 
>     That should be fine (my worry was that you might also be including the
>     subsequent session ticket transfer).
> 
>     > I am not sure how I can put timers at individual steps of Handshake
>     > using my client applications. I was assuming SSL and SSL_accept take
>     > care of the entire handshake process.
>     >
>     > Yes, I am testing on local machine. I will migrate my test to remote
>     > machines. But I am not really able to understand why TLS 1.3 is slower
>     > on my machine.
> 
>     If you are on a local machine I would not expect a significant speed up
>     in TLSv1.3 vs TLSv1.2. TLSv1.3 has been designed to reduce the number of
>     round-trips required in order to avoid unnecessary network latency. If
>     you are on a local machine then there isn't any significant network
>     latency anyway - so timings are presumably dominated by the CPU
>     intensive tasks. You should make sure that you are comparing like with
>     like, i.e. the same ciphers, key lengths, key exchange algorithms,
>     curves etc between TLSv1.2 and TLSv1.3. Differences in any one of these
>     could obviously have significant performance impacts.
> 
>     Matt
> 
>     --
>     openssl-users mailing list
>     To unsubscribe:
>     https://mta.openssl.org/mailman/listinfo/openssl-users
>     <https://mta.openssl.org/mailman/listinfo/openssl-users>
> 
> 
> 
>

More information about the openssl-users mailing list