On Tuesday 01 December 2015 09:21:34 Paul Dale wrote:
> > are you sure that the negotiated cipher suite is the same and that
> > the NSS is not configured to reuse the server key share if you're
> > using DHE or ECDHE?
> 
> There is definitely scope for improvement here.  My atomic operation
> suggestion is one approach which was quick and easy to validate,
> better might be more locks since it doesn't introduce a new paradigm
> and is more widely supported (C11 notwithstanding).

I'm not saying there is no room for improvement or that the improvements 
are useless. But as long as we're not comparing apples-to-apples the 
statistic is useless.

Other things to look for: ServerKeyExchange curve or group and signature 
algorithm used as well as the key size of server. Each of those things 
can have impact completely overshadowing the lock contention differences 
(picking big RSA key size can easily slash performance by an order of 
magnitude).
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to