Hi all,
We are the SSL protocol team in Riverbed.
Our SSL application is linked to 1.0.1e and run into the similar handshake
performance degradation issue as addressed in the ticket#2937. We are wondering
if the two patches are officially adapted in openssl lib? If so, which release
included or will include them?
Any help will be greatly appreciated.
Thanks,
--Chang
Thu Jan 10 15:33:39 2013 Andrey Kulikov - Correspondence added
Subject: Re: [openssl.org #2937] Handshake performance degradation in
1.0.1 and up.
Date: Wed, 9 Jan 2013 02:20:53 +0400
To: r...@openssl.org
From: Andrey Kulikov <amde...@gmail.com>
Download (untitled)<http://rt.openssl.org/Ticket/Attachment/35663/19178/> /
with headers<http://rt.openssl.org/Ticket/Attachment/WithHeaders/19178>
text/plain 494b
Please find attached two patches, together implementing proper HMAC context
re-initialization instead of full re-creation.
In comparison to openssl-1.0.1c it gives ~10% handshake performance
improvements when some engine-specific MAC are used.
In order to apply patches use command
patch -p1 -i <filename>
Patches checked to applied to:
openssl-1.0.1c
openssl-1.0.2-stable-SNAP-20130108
make test report Ok. for both versions (Linux, x86[_64])
Please let me know if you have any questions.
Download (untitled)<http://rt.openssl.org/Ticket/Attachment/35663/19179/> /
with headers<http://rt.openssl.org/Ticket/Attachment/WithHeaders/19179>
text/html 542b
Download
TLS_P_hash-HMAC_reinit.patch<http://rt.openssl.org/Ticket/Attachment/35663/19180/TLS_P_hash-HMAC_reinit.patch>
application/octet-stream 2.7k
Message body not shown because it is not plain text.
Download
TLS_P_hash-HMAC_reinit2.patch<http://rt.openssl.org/Ticket/Attachment/35663/19181/TLS_P_hash-HMAC_reinit2.patch>
application/octet-stream 4.1k
Message body not shown because it is not plain text.
