'Apache bench - ssl sesion reuse and nagle issues'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-dev
Subject:    Apache bench - ssl sesion reuse and nagle issues
From:       "Kashyap Ashwin" <Ashwin.Kashyap () thomson ! net>
Date:       2007-07-30 16:09:19
Message-ID: EB5D6FCF4174F1488C3D7A62AF9C8E6E6C16E4 () prinsmail02 ! am ! thmulti ! com
[Download RAW message or body]

Hello,
I am benchmarking a JSON RPC server application that uses apache,
mod_python, and mod_ssl. I noticed that ab (Apache Bench) does not do
SSL session reuse. So I have implemented this feature as a patch to ab.c
that I have copied at the end.
One other issue is that Nagle algorithm really will give bad benchmark
results - especially with SSL session reuse. I know this sounds weird,
but please see http://curl.haxx.se/mail/lib-2003-03/0278.html for more
information on this topic. To summarize, I was seeing almost 20ms delay
because of this (and it only happened when SSL reuse was used!!).
With this patch applied (and if you use the new -r option) you will see
close to 50% improvement in SSL requests. Moreover, this will be more
realistic as the typical browser uses SSL session reuse. 

Please apply this patch to ab.c:
263a264
> int ssl_reuse = 0;      /* try and reuse ssl session - avoid public
key exchange */
308a310
> SSL_SESSION *ssl_sess = NULL;
552a555,566
>             /* Ashwin - save the session for reuse */
>             if (ssl_reuse == 1) {
>                 //printf("sess reuse: %ld, ecode: %d\n",
SSL_session_reused(c->ssl), ecode);
>                 if (SSL_get0_session(c->ssl) != NULL) {
>                     ssl_sess = SSL_get1_session(c->ssl);
>                     /* We probably need not do this since we do
set_session */
>                     //SSL_CTX_add_session(ssl_ctx, ssl_sess);
>                 }
>                 //else
>                 //    printf("ssl_sess == NULL\n");
>             }
> 
572a587
> 
599a615,616
> 
>     
1126a1144,1148
>     /* Ashwin - Nagle issue */
>     if ((rv = apr_socket_opt_set(c->aprsock, APR_TCP_NODELAY, 1))
>          != APR_SUCCESS) {
>         apr_err("socket tcp_nodelay", rv);
>     }
1141a1164,1170
> 
>         /* Ashwin - if we have a saved session, reuse it */
>         if (ssl_reuse == 1 && ssl_sess != NULL) {
>             //printf("set_session: %x\n", ssl_sess);
>             SSL_set_session(c->ssl, ssl_sess);
>         }
> 
1775a1805
>     fprintf(stderr, "    -r              Use SSL sesion reuse\n");
1943c1973
<     while ((status = apr_getopt(opt,
"n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
---
>     while ((status = apr_getopt(opt,
"n:c:t:T:p:v:krVhwix:y:z:C:H:P:A:g:X:de:Sq"
1954a1985,1988
>                 /* Ashwin - command line option */
>             case 'r':
>                 ssl_reuse = 1;
>                 break;
2150a2185
>         }
2151a2187,2189
>     /*Ashwin - set cache mode. Dunno if we need this (we do a
set_session) */
>     if (ssl_reuse == 1) {
>         SSL_CTX_set_session_cache_mode(ssl_ctx, 
> SSL_SESS_CACHE_CLIENT);
2152a2191
>

Openssl gurus out there, please comment.

Thanks,
Ashwin

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ashwin Kashyap
Member Technical Staff
Thomson - Corporate Research
(609) 987-7334


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic