Gooegg - We don't use this (virtual) machine for anything other than ASSP,
but I tested with Chrome and IE and see no issues browsing HTTPS sites. I
wouldn't even being to know where to start looking in Wireshark. I've used
it for sniffing here and there, but don't know enough about tls/ssl to know
what is normal vs what's not re captured packets.
On Fri, Jun 10, 2016 at 9:31 AM, Gooegg <sysad...@satelcom.qc.ca> wrote:
> Maybe the root of the problem is not directly related to ASSP/LibSSL. I
> would suggest you to try to run Wireshark on that box at
> one point, as there may be excessive retransmission or packet
> fragmentation on the network link. Have you noticed if HTTPS sites
> are much slower than plain HTTP sites while browsing from that machine? If
> so, the problem may be caused by a bad Ethernet link.
> Defective hardware, incorrect link negotiation or port configuration on
> your NIC, switch or router can, sometimes kill SSL/TLS
> performance while leaving plain traffic mostly unaffected.
>
> Gooegg
>
>
> Le 2016-06-09 à 12:52, Thomas Eckardt a écrit :
> > Windows 2012 R2 has at least a system TCP receive and send buffer of
> 64KB.
> >
> > The max frame size for SSL is 16384 byte (16KB). If you set the SSL
> > receive buffer for assp to 8192 , there will be 8192 byte left in the
> > SSL-read-buffer after reading - assp warns about this and reads until the
> > SSL-read-buffer is empty.
> > Setting the TCP-buffer size in assp lower than the system buffer size
> will
> > lead in to a performance penalty.
> > Setting the SSL- buffer size in assp above 16KB may lead into
> > renegotiation problems (SSL want a read/write first) - 16KB is a safe
> > setting - higher values will improve performance in most cases.
> >
> > Thomas
> >
> >
> >
> > Von: K Post <nntp.p...@gmail.com>
> > An: ASSP development mailing list <assp-test@lists.sourceforge.net>
> > Datum: 09.06.2016 18:30
> > Betreff: Re: [Assp-test] Very slow TLS sessions - Windows server
> >
> >
> >
> > Also, I tried setting all to 8192 and got lots of messages in the log
> like
> > warning: there are 7268 byte pending in SSL buffer - this should not
> > happen
> >
> > Turned tls off again for now.
> >
> >
> >
> > On Thu, Jun 9, 2016 at 10:52 AM, K Post <nntp.p...@gmail.com> wrote:
> >
> >> Updated to the newest version.
> >>
> >> When I did
> >> sslrcv = 0, sslsnd=0
> >> I get, in green:
> >>
> >> *** Updated TCPBufferSize - TCP Receive Buffer is set to 65536 byte
> > (note
> >> missing line break)
> >> *TCPBufferSize - TCP Send Buffer is set to 65536 byte*
> >> *TCPBufferSize - SSL Receive Buffer is set to 65536 byte*
> >> *TCPBufferSize - SSL Send Buffer is set to 65536 byte*
> >>
> >> With those settings and TLS back on, it's transferring at around 1.25MB
> >> per minute. That ONE test is slightly better than before, but still
> >> pretty bad.
> >>
> >>
> >> I tried setting all 4 to 1024000, but can't. When I copy in what you
> >> typed, I get a javascript popup saying
> >> *Invalid 'TCPBufferSize' - unchanged*
> >>
> >> and in the GUI under TCPBufferSize there's a red error message:
> >> **** Invalid: 'tcprcv = 1024000 , tcpsnd = 1024000 ,sslrcv = 1024000,
> >> sslsnd = 1024000' (check returned '')*
> >>
> >> I tried with the comma right after 1024000 and more traditional spacing,
> >> same warning.
> >>
> >> The GUI says max value is 999,999 but you've got 1,024,000 *I don't
> >> know if you mean just 1024, added a zero or what...*
> >>
> >> *THANK YOU*
> >>
> >>
> >>
> >> On Thu, Jun 9, 2016 at 4:40 AM, Thomas Eckardt
> > <thomas.ecka...@thockar.com
> >>> wrote:
> >>> Install 2.5.2(16158)
> >>> set 'TCPBufferSize' to : sslrcv = 0, sslsnd = 0
> >>>
> >>> tell me if TLS speed is better or not
> >>>
> >>>
> >>> set 'TCPBufferSize' to : tcprcv = 1024000 , tcpsnd = 1024000 ,sslrcv =
> >>> 1024000, sslsnd = 1024000
> >>>
> >>> are there any performance improvements?
> >>>
> >>> Thomas
> >>>
> >>>
> >>>
> >>> Von: K Post <nntp.p...@gmail.com>
> >>> An: ASSP development mailing list <assp-test@lists.sourceforge.net
> >
> >>> Datum: 02.06.2016 04:55
> >>> Betreff: Re: [Assp-test] Very slow TLS sessions - Windows server
> >>>
> >>>
> >>>
> >>> Could this be the problem? Is OpenSSL even used by ASSP for receiving
> >>> email? I feel like it's not, but thought I'd put this out there.
> >>>
> >>> OpenSSL 1.0.1h 1.0.1h / 0.9.8
> >>> OpenSSL-lib 1.0.2g 1 Mar 2016 1.0.2g / 1.0.1h
> >>>
> >>> I have OpenSSL binaries installed in c:\openssl, and that is 1.0.2g
> > from
> >>> https://slproweb.com/products/Win32OpenSSL.html
> >>>
> >>> I don't know what 1.0.1h OpenSSL ASSP is seeing. Can you tell me what
> >>> would
> >>> need to be updated to make that be 1.0.2g AND DO WE CARE?
> >>>
> >>> Could that version mismatch be causing the terrible slowness when
> >>> receiving
> >>> large attachments?
> >>>
> >>>
> >>> I looked through all other modules, they're all at or later than the
> >>> recommended minimum version (updated through Activestate's PPM)
> >>>
> >>> For now I've got TLS off, but that's not viable long term.
> >>>
> >>> Oh and there appears to be plenty of processing power on this machine
> > (12
> >>> cores, 2+ ghz, 32gb ram)
> >>>
> >>>
> >>> THANK YOU
> >>>
> >>>
> >>>
> >>> On Wed, Jun 1, 2016 at 12:25 PM, K Post <nntp.p...@gmail.com> wrote:
> >>>
> >>>> also, with DoTLS set to drop, the WebUI is 500% faster. Doing
> > searches
> >>> in
> >>>> maillog returns results like a dream!
> >>>>
> >>>> On Wed, Jun 1, 2016 at 12:11 PM, K Post <nntp.p...@gmail.com> wrote:
> >>>>
> >>>>> Running 16142, though I suspect this problem has been going on for a
> >>>>> while now.
> >>>>> Windows.
> >>>>>
> >>>>> I just discovered that large inbound emails (bit attachments say
> > over
> >>>>> 10mb) that use TLS connections are taking forever to complete. For
> >>>>> example, a 13mb email from a gmail.com address (and confirm coming
> >>> from
> >>>>> google servers) took over 15 minutes to complete.
> >>>>>
> >>>>> In my testing, I found that changing DoTLS to Drop lets large emails
> >>> come
> >>>>> through nice and fast. A 10mb attachment took over 12 minutes
> > before,
> >>> now
> >>>>> it's just a couple of seconds with TLS off.
> >>>>>
> >>>>> The powers that be want encryption on (and so do I). I'm okay with
> >>> slow,
> >>>>> but gmail specifically has a warning to its users after 899.9
> > seconds
> >>> (15
> >>>>> minutes). If it takes longer than that, they get a delay warning
> > which
> >>>>> causes all kinds of confusion.
> >>>>>
> >>>>> Any suggestions on how to figure out what's taking so long with TLS
> > on?
> >>>>> All modules up to date.
> >>>>>
> >>>>> Thank you.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >
> ------------------------------------------------------------------------------
> >>> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> >>> traffic
> >>> patterns at an interface-level. Reveals which users, apps, and
> > protocols
> >>> are
> >>> consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> >>> J-Flow, sFlow and other flows. Make informed decisions using capacity
> >>> planning reports.
> >>> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> >>> _______________________________________________
> >>> Assp-test mailing list
> >>> Assp-test@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/assp-test
> >>>
> >>>
> >>>
> >>>
> >>> DISCLAIMER:
> >>> *******************************************************
> >>> This email and any files transmitted with it may be confidential,
> > legally
> >>> privileged and protected in law and are intended solely for the use of
> > the
> >>> individual to whom it is addressed.
> >>> This email was multiple times scanned for viruses. There should be no
> >>> known virus in this email!
> >>> *******************************************************
> >>>
> >>>
> >>>
> >>>
> >
> ------------------------------------------------------------------------------
> >>> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> >>> traffic
> >>> patterns at an interface-level. Reveals which users, apps, and
> > protocols
> >>> are
> >>> consuming the most bandwidth. Provides multi-vendor support for
> > NetFlow,
> >>> J-Flow, sFlow and other flows. Make informed decisions using capacity
> >>> planning reports.
> >>> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> >>> _______________________________________________
> >>> Assp-test mailing list
> >>> Assp-test@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/assp-test
> >>>
> >>>
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> > traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> > are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning reports.
> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential, legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> > patterns at an interface-level. Reveals which users, apps, and protocols
> are
> > consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> > J-Flow, sFlow and other flows. Make informed decisions using capacity
> > planning reports.
> https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> >
> >
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and
> traffic
> patterns at an interface-level. Reveals which users, apps, and protocols
> are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
> _______________________________________________
> Assp-test mailing list
> Assp-test@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
