I'm interested in just how much a singlethreaded nonblocking server handling N active clients suffers when the N+1th client connects. (Best to understand one's enemy before one decides to fight.) According to Rescorla's book, the big CPU hit is in ssl3_get_client_key_exchange when it calls RSA_private_decrypt(). This takes 30 of the 32 milliseconds needed to process the connection on a 300 MHz Pentium (II). Presumably that would cause approximately 30 milliseconds of extra latency in the other clients, as they can't be serviced while RSA_private_decrypt() is being called on behalf of the new one. The impact is probably small as long as RSA_private_decrypt() is less than 1% of clock time, or in other words, as long as there is less than one new connection requiring RSA_private_decrypt() every 3 seconds (on the system Rescorla was testing with). If connections start coming in ten times faster than that, you might see some big (300ms) latency spikes. How's that for a quick analysis? Has anyone wrote code to measure this? - Dan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
