On Tuesday 01 December 2015 09:21:34 Paul Dale wrote: > > are you sure that the negotiated cipher suite is the same and that > > the NSS is not configured to reuse the server key share if you're > > using DHE or ECDHE? > > There is definitely scope for improvement here. My atomic operation > suggestion is one approach which was quick and easy to validate, > better might be more locks since it doesn't introduce a new paradigm > and is more widely supported (C11 notwithstanding).
I'm not saying there is no room for improvement or that the improvements are useless. But as long as we're not comparing apples-to-apples the statistic is useless. Other things to look for: ServerKeyExchange curve or group and signature algorithm used as well as the key size of server. Each of those things can have impact completely overshadowing the lock contention differences (picking big RSA key size can easily slash performance by an order of magnitude). -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
