On Fri, Nov 21, 2003 at 01:40:32PM +0100, Pär Ahrén wrote:
> Lutz Jaenicke wrote:
>
> <removed text...>
>
> > (Values changing for higher "time" values but the tendency is clear:
> > session reuse _is_ a performance booster...
>
> The strange thing is that if I don't do "-www /" it works fine
> This is agains a domino-server for reference
I understand that you have problems interpreting the results. So do I :-)
> =====================
> Looks ok: No "-www"
> =====================
> $ openssl s_time -connect domino.infrasec.se:443 -time 3
> No CIPHER specified
> Collecting connection statistics for 3 seconds
> 33333333333333333333333333333333333
>
> 35 connections in 0.05s; 700.00 connections/user sec, bytes read 0
> 35 connections in 4 real seconds, 0 bytes read per connection
>
>
> Now timing with session id reuse.
> starting
> rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
>
> 86 connections in 0.01s; 8600.00 connections/user sec, bytes read 0
> 86 connections in 4 real seconds, 0 bytes read per connection
All output is "r", so the session was reused.
However: no data was transferred, the connection was shut down immediately.
> =====================
> Strange: With "-www"
> =====================
> $ openssl s_time -connect domino.infrasec.se:443 -time 3 -www /
> No CIPHER specified
> Collecting connection statistics for 3 seconds
> 333333333333333333333333333
>
> 27 connections in 0.05s; 540.00 connections/user sec, bytes read 171963
> 27 connections in 4 real seconds, 6369 bytes read per connection
>
>
> Now timing with session id reuse.
> starting
> rrrrrrrrr
>
> 9 connections in 0.01s; 900.00 connections/user sec, bytes read 57321
> 9 connections in 4 real seconds, 6369 bytes read per connection
> $
Ok, all output is "r", so the session was reused, too.
Hmm. Would it be possible that a re-negotiation takes place when actually
transferring data with SSL_write() or SSL_read()?
It would be necessary to print out the session ID to see a change.
What cipher is being used? If you have control over the private key of
the server and use RC4-MD5 you could use SSLdump to perform a detailed
examination of the communication.
Did you observe this effect with servers beyond Domino?
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
