2016-03-30 16:42 GMT+02:00 Lukas Tribus <[email protected]>:
> Ok, so it's directly related to the production load. I assume
> downgrading to 1.5.15 normalizes the CPU load again?

Yes, I've switched versions back and forth several times; 1.5.16
immediately spikes CPU, 1.5.15 goes back to normal. I've also made a
clean stop/start to make sure there is nothing funny going on with
reload.

> Some quick tests:
> - try without epoll (noepoll in the global section)

Will do tomorrow as I'd prefer not to fiddle too much on my peak
traffic hours :)

> - does TLS resumption correctly work? Check with rfc5077-client:
>
> git clone https://github.com/vincentbernat/rfc5077.git
> cd rfc5077
> make rfc5077-client
>
>
> ./rfc5077-client <server>

That one is interesting (404 not found is intentional).

1.5.15:
[✔] Run tests without use of tickets.
[✔] Display result set:
    │          IP address            │ Try │         Cipher        │ Reuse │    SSL Session ID   │      Master key     │ Ticket │ Answer
    │ ───────────────────────────────┼─────┼───────────────────────┼───────┼─────────────────────┼─────────────────────┼────────┼───────────────────
    │ XXX.XXX.XXX.XX                 │   0 │ ECDHE-RSA-AES128-SHA  │ ✘   │ 42CA056CDE4D754322… │ FDC3149852034F0AD3… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   1 │ ECDHE-RSA-AES128-SHA  │ ✔   │ 42CA056CDE4D754322… │ FDC3149852034F0AD3… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   2 │ ECDHE-RSA-AES128-SHA  │ ✔   │ 42CA056CDE4D754322… │ FDC3149852034F0AD3… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   3 │ ECDHE-RSA-AES128-SHA  │ ✔   │ 42CA056CDE4D754322… │ FDC3149852034F0AD3… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   4 │ ECDHE-RSA-AES128-SHA  │ ✔   │ 42CA056CDE4D754322… │ FDC3149852034F0AD3… │   ✘    │ HTTP/1.1 404 Not Found
[✔] Dump results to file.
[✔] Run tests with use of tickets.
[✔] Display result set:
    │          IP address            │ Try │         Cipher        │ Reuse │    SSL Session ID   │      Master key     │ Ticket │ Answer
    │ ───────────────────────────────┼─────┼───────────────────────┼───────┼─────────────────────┼─────────────────────┼────────┼───────────────────
    │ XXX.XXX.XXX.XX                 │   0 │ ECDHE-RSA-AES128-SHA  │ ✘   │ B48CDC41EC22A34ED6… │ 2B69D25BF5A29D10E7… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   1 │ ECDHE-RSA-AES128-SHA  │ ✔   │ B48CDC41EC22A34ED6… │ 2B69D25BF5A29D10E7… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   2 │ ECDHE-RSA-AES128-SHA  │ ✘   │ 802EDB4E7A375CE3FB… │ 72CA9E420B290841AD… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   3 │ ECDHE-RSA-AES128-SHA  │ ✘   │ DD3523D2BC0B0C6A57… │ 3251008D2F2F8A0579… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   4 │ ECDHE-RSA-AES128-SHA  │ ✔   │ DD3523D2BC0B0C6A57… │ 3251008D2F2F8A0579… │   ✔    │ HTTP/1.1 404 Not Found

1.5.16:
[✔] Run tests without use of tickets.
[✔] Display result set:
    │          IP address            │ Try │         Cipher        │ Reuse │    SSL Session ID   │      Master key     │ Ticket │ Answer
    │ ───────────────────────────────┼─────┼───────────────────────┼───────┼─────────────────────┼─────────────────────┼────────┼───────────────────
    │ XXX.XXX.XXX.XX                 │   0 │ ECDHE-RSA-AES128-SHA  │ ✘   │ A14FF67AECBCAB10F0… │ E57365FC0BD7BEBA89… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   1 │ ECDHE-RSA-AES128-SHA  │ ✔   │ A14FF67AECBCAB10F0… │ E57365FC0BD7BEBA89… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   2 │ ECDHE-RSA-AES128-SHA  │ ✔   │ A14FF67AECBCAB10F0… │ E57365FC0BD7BEBA89… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   3 │ ECDHE-RSA-AES128-SHA  │ ✔   │ A14FF67AECBCAB10F0… │ E57365FC0BD7BEBA89… │   ✘    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   4 │ ECDHE-RSA-AES128-SHA  │ ✔   │ A14FF67AECBCAB10F0… │ E57365FC0BD7BEBA89… │   ✘    │ HTTP/1.1 404 Not Found
[✔] Dump results to file.
[✔] Run tests with use of tickets.
[✔] Display result set:
    │          IP address            │ Try │         Cipher        │ Reuse │    SSL Session ID   │      Master key     │ Ticket │ Answer
    │ ───────────────────────────────┼─────┼───────────────────────┼───────┼─────────────────────┼─────────────────────┼────────┼───────────────────
    │ XXX.XXX.XXX.XX                 │   0 │ ECDHE-RSA-AES128-SHA  │ ✘   │ 84A968A4543D53059C… │ 8CD2159284418218ED… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   1 │ ECDHE-RSA-AES128-SHA  │ ✘   │ ECA9E6FEE3C8112B38… │ 944F62AB63B089B590… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   2 │ ECDHE-RSA-AES128-SHA  │ ✘   │ 584EF0158467716BAD… │ AAF9764DF52F5CB883… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   3 │ ECDHE-RSA-AES128-SHA  │ ✘   │ AB76C9FA3BB151B455… │ 8E2FDA0F51FDC8504A… │   ✔    │ HTTP/1.1 404 Not Found
    │ XXX.XXX.XXX.XX                 │   4 │ ECDHE-RSA-AES128-SHA  │ ✔   │ AB76C9FA3BB151B455… │ 8E2FDA0F51FDC8504A… │   ✔    │ HTTP/1.1 404 Not Found
[✔] Dump results to file.

So there is no difference. Session ID based resumption works ok,
ticket based resumption is kinda broken in both versions. Are tickets
supposed to work properly with nbproc>1?

>> I have also Certificate Transparency patch applied, backported from
>> 1.6.
>
> Can you try without it?

Again, will try tomorrow. As an author of this patch I'm kinda sure
that it is irrelevant, but I might well be biased. Will try next thing
tomorrow morning :)

-- 
Janusz Dziemidowicz
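
An added example, not part of the original mail or of rfc5077-client: a small Python parser that counts resumed handshakes in result rows like those above (each row on one line) and cross-checks the Reuse column against repeated master keys. The sample rows, the address and all function names are constructed for illustration.

```python
# Constructed sample mirroring the shape of a "with tickets" run:
# tickets are offered on every try, but only the last try resumes.
SAMPLE = """\
    │ IP address │ Try │ Cipher │ Reuse │ SSL Session ID │ Master key │ Ticket │ Answer
    │ ───────────┼─────┼────────┼───────┼────────────────┼────────────┼────────┼───────
    │ 192.0.2.10 │   0 │ ECDHE-RSA-AES128-SHA │ ✘ │ SID-A… │ KEY-A… │ ✔ │ HTTP/1.1 404 Not Found
    │ 192.0.2.10 │   1 │ ECDHE-RSA-AES128-SHA │ ✘ │ SID-B… │ KEY-B… │ ✔ │ HTTP/1.1 404 Not Found
    │ 192.0.2.10 │   2 │ ECDHE-RSA-AES128-SHA │ ✘ │ SID-C… │ KEY-C… │ ✔ │ HTTP/1.1 404 Not Found
    │ 192.0.2.10 │   3 │ ECDHE-RSA-AES128-SHA │ ✘ │ SID-D… │ KEY-D… │ ✔ │ HTTP/1.1 404 Not Found
    │ 192.0.2.10 │   4 │ ECDHE-RSA-AES128-SHA │ ✔ │ SID-D… │ KEY-D… │ ✔ │ HTTP/1.1 404 Not Found
"""


def parse_rows(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("│")]
        # Data rows have a blank prefix cell plus 8 columns, and a numeric Try.
        if len(cells) < 9 or not cells[2].isdigit():
            continue
        rows.append({
            "try": int(cells[2]),
            "reuse": cells[4] == "✔",
            "session_id": cells[5],
            "key": cells[6],
            "ticket": cells[7] == "✔",
        })
    return rows


def summarise(rows):
    """Count resumptions after the first (always full) handshake."""
    resumed = [r["try"] for r in rows[1:] if r["reuse"]]
    # Independent check: a resumed handshake keeps the previous master key.
    same_key = [r["try"] for prev, r in zip(rows, rows[1:])
                if r["key"] == prev["key"]]
    return {
        "attempts": max(len(rows) - 1, 0),
        "resumed": len(resumed),
        "tickets_offered": bool(rows) and all(r["ticket"] for r in rows),
        "consistent": resumed == same_key,
    }


if __name__ == "__main__":
    print(summarise(parse_rows(SAMPLE)))
```
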
