httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kashyap Ashwin" <Ashwin.Kash...@thomson.net>
Subject Apache bench - ssl sesion reuse and nagle issues
Date Mon, 30 Jul 2007 16:09:19 GMT
Hello,
I am benchmarking a JSON RPC server application that uses apache,
mod_python, and mod_ssl. I noticed that ab (Apache Bench) does not do
SSL session reuse. So I have implemented this feature as a patch to ab.c
that I have copied at the end.
One other issue is that Nagle algorithm really will give bad benchmark
results - especially with SSL session reuse. I know this sounds weird,
but please see http://curl.haxx.se/mail/lib-2003-03/0278.html for more
information on this topic. To summarize, I was seeing almost 20ms delay
because of this (and it only happened when SSL reuse was used!!).
With this patch applied (and if you use the new -r option) you will see
close to 50% improvement in SSL requests. Moreover, this will be more
realistic as the typical browser uses SSL session reuse. 

Please apply this patch to ab.c:
263a264
> int ssl_reuse = 0;      /* try and reuse ssl session - avoid public
key exchange */
308a310
> SSL_SESSION *ssl_sess = NULL;
552a555,566
>             /* Ashwin - save the session for reuse */
>             if (ssl_reuse == 1) {
>                 //printf("sess reuse: %ld, ecode: %d\n",
SSL_session_reused(c->ssl), ecode);
>                 if (SSL_get0_session(c->ssl) != NULL) {
>                     ssl_sess = SSL_get1_session(c->ssl);
>                     /* We probably need not do this since we do
set_session */
>                     //SSL_CTX_add_session(ssl_ctx, ssl_sess);
>                 }
>                 //else
>                 //    printf("ssl_sess == NULL\n");
>             }
> 
572a587
> 
599a615,616
> 
>     
1126a1144,1148
>     /* Ashwin - Nagle issue */
>     if ((rv = apr_socket_opt_set(c->aprsock, APR_TCP_NODELAY, 1))
>          != APR_SUCCESS) {
>         apr_err("socket tcp_nodelay", rv);
>     }
1141a1164,1170
> 
>         /* Ashwin - if we have a saved session, reuse it */
>         if (ssl_reuse == 1 && ssl_sess != NULL) {
>             //printf("set_session: %x\n", ssl_sess);
>             SSL_set_session(c->ssl, ssl_sess);
>         }
> 
1775a1805
>     fprintf(stderr, "    -r              Use SSL sesion reuse\n");
1943c1973
<     while ((status = apr_getopt(opt,
"n:c:t:T:p:v:kVhwix:y:z:C:H:P:A:g:X:de:Sq"
---
>     while ((status = apr_getopt(opt,
"n:c:t:T:p:v:krVhwix:y:z:C:H:P:A:g:X:de:Sq"
1954a1985,1988
>                 /* Ashwin - command line option */
>             case 'r':
>                 ssl_reuse = 1;
>                 break;
2150a2185
>         }
2151a2187,2189
>     /*Ashwin - set cache mode. Dunno if we need this (we do a
set_session) */
>     if (ssl_reuse == 1) {
>         SSL_CTX_set_session_cache_mode(ssl_ctx, 
> SSL_SESS_CACHE_CLIENT);
2152a2191
>

Openssl gurus out there, please comment.

Thanks,
Ashwin

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ashwin Kashyap
Member Technical Staff
Thomson - Corporate Research
(609) 987-7334


Mime
View raw message