Summary: | performance drop after moving from apache 2.2 to apache 2.4 | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | paolo <paolo.ganci> |
Component: | Core | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | NEW --- | ||
Severity: | normal | CC: | veit |
Priority: | P2 | ||
Version: | 2.4.34 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
paolo
2018-07-31 16:35:00 UTC
After some debug-session I found out that the problem are the ERR_clear_error calls in ssl_filter_write and ssl_io_input_read. If I remove those calls the performance is the same like with httpd/2.2. Are those calls really needed in the ssl_io_input_read/ssl_filter_write function? Isn't it enough to have it only in the ssl_io_filter_handshake function. Or what about to call this function only if an error occurred: else /* (rc < 0) */ { int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc); conn_rec *c = (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl); + ERR_clear_error(); if (ssl_err == SSL_ERROR_WANT_READ) { Many thanks for any answer. (In reply to paolo from comment #1) > After some debug-session I found out that the problem are the > ERR_clear_error calls in ssl_filter_write and ssl_io_input_read. If I remove > those calls the performance is the same like with httpd/2.2. > > Are those calls really needed in the ssl_io_input_read/ssl_filter_write > function? > Isn't it enough to have it only in the ssl_io_filter_handshake function. > > Or what about to call this function only if an error occurred: > > else /* (rc < 0) */ { > int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc); > conn_rec *c = > (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl); > > + ERR_clear_error(); > > if (ssl_err == SSL_ERROR_WANT_READ) { > > > Many thanks for any answer. ref: https://bz.apache.org/bugzilla/show_bug.cgi?id=60223 For 100% clarity, this was observed with the version of ab shipped with 2.2.34, or the version shipped with 2.4.24? It should be obvious that ab has also undergone some enhancements and changes for support of TLS, and the two different versions are expected to produce two different results. I used for both tests the ab installed on my host: paolo@adnvl005:~ ab -V This is ApacheBench, Version 2.3 <$Revision: 655654 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/\ Apart that I get to the same performance issue if using other software, like gatling etc. Confirmed in dev@ discussion, this flavor of ab dates to the 2.2.x epoch and is consistent for both (observed with 'This is ApacheBench, Version 2.3 <$Revision: 655654 $>'.) Because of the transition of TLS session cache to TLS session tokens, it may be worthwhile to see if this is only true of very ancient clients, and whether this combination of an older ab with an older openssl is in part to blame for the failure to speak efficiently to modern httpd linked to modern openssl. This can be tested using the most recent ab utility against both servers. > Apart that I get to the same performance issue if using other software, like gatling etc.
Thanks Paolo!
Presuming the other software is on the same machine, relying on the same openssl client library, what is your system's response to;
$ openssl version
Hi William, here the openssl-version which is installed on my host: paolo@adnvl005:~/ openssl version OpenSSL 1.0.1e-fips 11 Feb 2013 |