I'm affraid flamegraphs for two different servers with two different OpenSSL libraries without information about type of load it was collected with and without any information other than "smth. started spending much more time than it was" can not give much information about root cause for the issue.
You may start with: 1. Describing you test procedure. (what are you measuring? Handshakes? Data transfer? Multithreaded?) 2. Describing test environment (type of certificates, key length, used chiphersuites, etc) 3. Measure performance differences in absolute values (ms, handshakes per second, etc) 4. Measure nginx perfromance with two different OpenSSL versions. 5. Measure your server performance with two different OpenSSL versions. 6. Share your findings. On 5 January 2013 13:14, Fedor Indutny <[email protected]> wrote: > Hello devs, > > Right now I'm doing a lot of benchmarks, trying to figure out how to make > my https server as fast as are others (for example, nginx). I've found that > somewhere between 0.9.8 and 1.0.1c ssl3_get_cert_verify has started > spending much more time than it was. > > I wonder if you're aware of it, or if this thing can depend on some > SSL_CTX mode/flag. > > Here are flamegraphs for you to make it more clearer what I'm talking > about: > > * My server (openssl1.0.1c) - http://blog.indutny.com/f/tlsnappy-x64.svg > * Nginx (openssl0.9.8) - http://blog.indutny.com/f/nginx.svg > > And here are sources of my server, just in case if you need them to figure > something out: > https://github.com/indutny/tlsnappy/blob/master/src/tlsnappy.cc > > Thank you, > Fedor. >
