[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-dev
Subject: Apache bench - ssl sesion reuse and nagle issues
From: "Kashyap Ashwin" <Ashwin.Kashyap () thomson ! net>
Date: 2007-07-30 16:09:19
Message-ID: EB5D6FCF4174F1488C3D7A62AF9C8E6E6C16E4 () prinsmail02 ! am ! thmulti ! com
[Download RAW message or body]
Hello,
I am benchmarking a JSON RPC server application that uses apache,
mod_python, and mod_ssl. I noticed that ab (Apache Bench) does not do
SSL session reuse. So I have implemented this feature as a patch to ab.c
that I have copied at the end.
One other issue is that Nagle algorithm really will give bad benchmark
results - especially with SSL session reuse. I know this sounds weird,
but please see http://curl.haxx.se/mail/lib-2003-03/0278.html for more
information on this topic. To summarize, I was seeing almost 20ms delay
because of this (and it only happened when SSL reuse was used!!).
With this patch applied (and if you use the new -r option) you will see
close to 50% improvement in SSL requests. Moreover, this will be more
realistic as the typical browser uses SSL session reuse.
Please apply this patch to ab.c:
263a264
> int ssl_reuse = 0; /* try and reuse ssl session - avoid public
key exchange */
308a310
> SSL_SESSION *ssl_sess = NULL;
552a555,566
> /* Ashwin - save the session for reuse */
> if (ssl_reuse == 1) {
> //printf("sess reuse: %ld, ecode: %d\n",
SSL_session_reused(c->ssl), ecode);
> if (SSL_get0_session(c->ssl) != NULL) {
> ssl_sess = SSL_get1_session(c->ssl);
> /* We probably need not do this since we do
set_session */
> //SSL_CTX_add_session(ssl_ctx, ssl_sess);
> }
> //else
> // printf("ssl_sess == NULL\n");
> }
>
572a587
>
599a615,616
>
>
1126a1144,1148
> /* Ashwin - Nagle issue */
> if ((rv = apr_socket_opt_set(c->aprsock, APR_TCP_NODELAY, 1))
> != APR_SUCCESS) {
> apr_err("socket tcp_nodelay", rv);
> }
1141a1164,1170
>
> /* Ashwin - if we have a saved session, reuse it */
> if (ssl_reuse == 1 && ssl_sess != NULL) {
> //printf("set_session: %x\n", ssl_sess);
> SSL_set_session(c->ssl, ssl_sess);
> }
>
1775a1805
> fprintf(stderr, " -r Use SSL sesion reuse\n");
1943c1973
< while ((status = apr_getopt(opt,
"n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
---
> while ((status = apr_getopt(opt,
"n:c:t:T:p:v:krVhwix:y:z:C:H:P:A:g:X:de:Sq"
1954a1985,1988
> /* Ashwin - command line option */
> case 'r':
> ssl_reuse = 1;
> break;
2150a2185
> }
2151a2187,2189
> /*Ashwin - set cache mode. Dunno if we need this (we do a
set_session) */
> if (ssl_reuse == 1) {
> SSL_CTX_set_session_cache_mode(ssl_ctx,
> SSL_SESS_CACHE_CLIENT);
2152a2191
>
Openssl gurus out there, please comment.
Thanks,
Ashwin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ashwin Kashyap
Member Technical Staff
Thomson - Corporate Research
(609) 987-7334
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic