Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 1AE14200C25 for ; Fri, 24 Feb 2017 13:47:29 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 198AA160B69; Fri, 24 Feb 2017 12:47:29 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 61E36160B5C for ; Fri, 24 Feb 2017 13:47:28 +0100 (CET) Received: (qmail 77978 invoked by uid 500); 24 Feb 2017 12:47:27 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 77966 invoked by uid 99); 24 Feb 2017 12:47:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2017 12:47:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id CDDD81A02C3 for ; Fri, 24 Feb 2017 12:47:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -3.498 X-Spam-Level: X-Spam-Status: No, score=-3.498 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.999, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 3QMIp-I4e8it for ; Fri, 24 Feb 2017 12:47:25 +0000 (UTC) Received: from mail.acc.umu.se (mail.acc.umu.se [130.239.18.156]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id B3B655F24C for ; Fri, 24 Feb 2017 12:47:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by amavisd-new (Postfix) with ESMTP id 75339D32 for ; Fri, 24 Feb 2017 13:46:17 +0100 (MET) X-Virus-Scanned: amavisd-new at acc.umu.se Received: by mail.acc.umu.se (Postfix, from userid 12143) id 33F11D30; Fri, 24 Feb 2017 13:46:16 +0100 (MET) Received: from localhost (localhost [127.0.0.1]) by mail.acc.umu.se (Postfix) with ESMTP id 32101D2F for ; Fri, 24 Feb 2017 13:46:16 +0100 (MET) Date: Fri, 24 Feb 2017 13:46:16 +0100 (MET) From: Niklas Edmundsson To: httpd-dev Subject: Re: httpd 2.4.25, mpm_event, ssl: segfaults In-Reply-To: Message-ID: References: <2B733D2A-F05D-4857-9434-721A9AE78CF8@greenbytes.de> <30d3bd5d-48cf-770f-53c8-b4ec279da2bd@gmail.com> <712ee78b-179f-1381-7aec-ad9d9ccb9334@gmail.com> <6c680741-4c6d-635a-5a2c-c6d54b843b8b@gmail.com> User-Agent: Alpine 2.20 (GSO 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed archived-at: Fri, 24 Feb 2017 12:47:29 -0000 On Fri, 24 Feb 2017, Yann Ylavic wrote: > On Thu, Feb 23, 2017 at 8:50 PM, Jacob Champion wrote: >>> Going off on a tangent here: >>> >>> For those of you who actually know how the ssl stuff really works, is it >>> possible to get multiple threads involved in doing the encryption, or do >>> you need the results from the previous block in order to do the next >>> one? >> >> I'm not a cryptographer, but I think how parallelizable it is depends on the >> ciphersuite in use. Like you say, some ciphersuites require one block to be >> fed into the next as an input; others don't. > > Yes, and the cost of scheduling threads for non dedicated cypto device > is not worth it I think. > But mainly there is not only one stream involved in a typical HTTP > server, so probably multiple simulteneous connections already saturate > the AES-NI... Actually, the AES-NI capability can be seen as a dedicated crypto device of sorts... It's just a bit more versatile with a CPU core stuck in there as well ;-) I would much prefer if httpd could be able to push full bandwidth single-stream https using multiple cores instead of enticing users to use silly "parallel get" clients, download accelerators and whatnot. Granted, the use cases are not perhaps the standard serve-many-files-to-the-public ones, but they do exist. And depending on which way the computing trends blow we might start seeing more competing low-power cpus with more cores and less capability requiring more threads to perform on single/few-stream workloads. In any event I don't think the basic idea of multiple-thread-crypto should be dismissed lightly, especially if someone (definitely not me) figures out a neat way to do it :-) Personally, it's the angst! of having to wait more than 10 seconds for a DVD-sized Linux-distro.iso download when I KNOW that there are 7 cores idling and knowing that without the single-core bottleneck I would have 6 additionals seconds of time to spend on something useful 8-() /Nikke - thinking that the Subject is not that accurate anymore... -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | nikke@acc.umu.se --------------------------------------------------------------------------- Sattinger's Law: It works better if you plug it in. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=