SSL write/read performance
Matt Caswell
matt at openssl.org
Wed Apr 10 09:49:17 UTC 2019
On 10/04/2019 10:32, valmiki wrote:
> Hi All,
>
> I'm trying to understand server and client code over tcp using openssl.
>
> How does the flow work when we do SSL_write or SSL_read.
>
> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket.
>
> Is the above understanding correct ?
No, this isn't correct. All crypto is done in user space* using libcrypto.
Matt
* Actually there is a new option in master where the kernel does the TLS
encryption/decryption - but it is not on by default, and if used the kernel does
the IO too.
>
> If its correct we have following context switch from user to kernel space and vice versa
>
> -> open ssl libary to kernel crypto subsystem
>
> -> kernel crypto subsystem to ssl library
>
> -> ssl library to network subsystem
>
> Does this mean for sending a buffer we need to three context switches from user to kernel and vice versa ?
>
> Doesn't this effect performance ?
>
> Please correct me if my understanding is wrong.
>
> Regards,
> valmiki
>
>
>
>
>
>
More information about the openssl-users
mailing list