Calling DES functions is kind of suspicious? I'd expect any clients made in the last decade or so to be negotiating AES (which is much, *much* faster than DES) with either the default settings or any reasonably-secure custom settings. Can you check what cipher suites you've negotiated in production? If something is causing you to negotiate a 3DES-based cipher suite instead of an AES (preferably AES-GCM)-based cipher suite, that would definitely explain increased CPU usage.
On Thu, Apr 7, 2016 at 5:25 AM, Lukas Tribus <[email protected]> wrote: > Hi, > > Am 05.04.2016 um 10:17 schrieb Nenad Merdanovic: > >> >> I am not sure, as I haven't even be able to reliably reproduce it on 1.5 >> (though we are running with some backports from 1.6) as it seems to be >> traffic-pattern related. On one workload I exhibit instant and constant >> jump in CPU usage (from 40% to 80-100%, about 50:50 sys:usr), but on >> other, there are just some very short spikes to 100%. >> > > I've played around with an unscientific testcase (single session, large > 10MB response), perf > and ltrace, and while the number of SSL_Write calls are the same, OpenSSL > seems to > be doing more low level stuff in functions like _x86_DES_encrypt and > _x86_DES_decrypt. > > So this commit does make OpenSSL uncomfortable in some way, although it is > probably > not related to the number of SSL_write calls. > > Not sure if this is helpful. > > > cheers, > lukas > > > -- James Brown Engineer
