On Thursday, March 1, 2012 3:57:46 AM UTC-6, Ben Noordhuis wrote: > > I was mistaken in my original post. Server-side session caching is > implemented, it's client session resumption that hasn't been fleshed > out yet.
It seems like there's *some* amount of support for client session resumption, as testing with multiple sequential requests from a single client seems to work, showing re-use of the same SSL session identifier. However, it doesn't appear to be working correctly with concurrent connections from multiple clients. (For the single-client sequential requests, I used the rfc5077-client binary from https://github.com/vincentbernat/rfc5077 and bumped up the TRY constant from 5 to 500.) Here's the output of the openssl speed tests on that server, in case it is still helpful: # openssl speed -elapsed rsa512 You have chosen to measure elapsed time instead of user CPU time. Doing 512 bit private rsa's for 10s: 58590 512 bit private RSA's in 10.00s Doing 512 bit public rsa's for 10s: 631032 512 bit public RSA's in 10.00s OpenSSL 1.0.0g-fips 18 Jan 2012 built on: Thu Jan 19 16:34:18 UTC 2012 options:bn(64,64) md2(int) rc4(8x,char) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM sign verify sign/s verify/s rsa 512 bits 0.000171s 0.000016s 5859.0 63103.2 # openssl speed -elapsed rsa512 -multi 4 Forked child 0 Forked child 1 Forked child 2 Forked child 3 +DTP:512:private:rsa:10 +DTP:512:private:rsa:10 +DTP:512:private:rsa:10 +DTP:512:private:rsa:10 +R1:35465:512:10.00 +DTP:512:public:rsa:10 +R1:35609:512:10.00 +R1:35475:512:10.00 +DTP:512:public:rsa:10 +DTP:512:public:rsa:10 +R1:35612:512:9.99 +DTP:512:public:rsa:10 +R2:363820:512:10.00 +R2:363837:512:10.00 +R2:364912:512:10.00 Got: +F2:0:512:0.000282:0.000027 from 0 Got: +F2:0:512:0.000281:0.000027 from 1 Got: +F2:0:512:0.000282:0.000027 from 2 +R2:366820:512:9.99 Got: +F2:0:512:0.000281:0.000027 from 3 OpenSSL 1.0.0g-fips 18 Jan 2012 built on: Thu Jan 19 16:34:18 UTC 2012 options:bn(64,64) md2(int) rc4(8x,char) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM sign verify sign/s verify/s rsa 512 bits 0.000070s 0.000007s 14209.6 148148.1 >
