On 12/14/22 07:15, Willy Tarreau wrote:
On Wed, Dec 14, 2022 at 07:01:59AM -0700, Shawn Heisey wrote:
On 12/14/22 06:07, Willy Tarreau wrote:
By the way, are you running with OpenSSL
3.0 ? That one is absolutely terrible and makes extreme abuse of
mutexes and locks, to the point that certain workloads were divided
by 2-digit numbers between 1.1.1 and 3.0. It took me one day to
figure that my load generator which was caping at 400 conn/s was in
fact suffering from an accidental build using 3.0 while in 1.1.1
the perf went back to 75000/s!
Is this a current problem with the latest openssl built from source?
Yes and deeper than that actually, there's even a meta-issue to try to
reference the many reports for massive performance regressions on the
project:
A followup to my followup. Time flies!
I was just reading on the openssl mailing list about what's coming in
version 3.1. The first release highlight is:
* Refactoring of the OSSL_LIB_CTX code to avoid excessive locking
Is anyone enough in tune with openssl happenings to know whether that
fixes the issues that Willy was advising me about? Or maybe improves
the situation but doesn't fully resolve it?
I tried to figure this out for myself based on data in the CHANGES.md
file, but didn't see anything that looked relevant to my very untrained
eye. Reading the code wouldn't help, as I am completely clueless when
it comes to encryption code.
Thanks,
Shawn
