SSL write/read performance
valmiki
valmikibow at gmail.com
Wed Apr 10 10:03:49 UTC 2019
>> Hi All,
>>
>> I'm trying to understand server and client code over tcp using openssl.
>>
>> How does the flow work when we do SSL_write or SSL_read.
>>
>> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket.
>>
>> Is the above understanding correct ?
> No, this isn't correct. All crypto is done in user space* using libcrypto.
>
> Matt
>
> * Actually there is a new option in master where the kernel does the TLS
> encryption/decryption - but it is not on by default, and if used the kernel does
> the IO too.
>
> Thanks Matt.
> So only one context switch happens, which is sending buffer to networking
> socket ?
>
> Regards,
> valimki
>> If its correct we have following context switch from user to kernel space and vice versa
>>
>> -> open ssl libary to kernel crypto subsystem
>>
>> -> kernel crypto subsystem to ssl library
>>
>> -> ssl library to network subsystem
>>
>> Does this mean for sending a buffer we need to three context switches from user to kernel and vice versa ?
>>
>> Doesn't this effect performance ?
>>
>> Please correct me if my understanding is wrong.
>>
>> Regards,
>> valmiki
>>
>>
>>
>>
>>
>>
More information about the openssl-users
mailing list