To: users@trafficserver.apache.org
Subject: Re: 回复:Re: Openssl 1.1.0f Support
openssl lib and include directories werent matching versions.
fixed that, and was able to compile without issue.
On Fri, Sep 22, 2017 at 11:28 AM, Jack Bates <duh...@nottheoilrig.com> wrote:
I remember backportin
_error() will not be called, so
>>> the Err_get_state() will not be called and no lock contention in openssl
>>> 1.0.1 with the patch.
>>>
>>>
>>> - 原始邮件 -
>>> 发件人:Bryan Call <bc...@apache.org>
>>> 收件人:ilovep...@sina.cn
&g
with the patch.
>>
>>
>> - 原始邮件 -
>> 发件人:Bryan Call <bc...@apache.org>
>> 收件人:ilovep...@sina.cn
>> 抄送人:users <users@trafficserver.apache.org>
>> 主题:Re: Openssl 1.1.0f Support
>> 日期:2017年09月21日 23点37分
>>
>> Th
n openssl 1.0.1
> with the patch.
>
>
> - 原始邮件 -
> 发件人:Bryan Call <bc...@apache.org>
> 收件人:ilovep...@sina.cn
> 抄送人:users <users@trafficserver.apache.org>
> 主题:Re: Openssl 1.1.0f Support
> 日期:2017年09月21日 23点37分
>
> This only changes the order
. Apparently, this might
not occur on Red Hat which is what Jeremy used below.
Thanks,
Peter
-Original Message-
From: Jeremy Payne [mailto:jp557...@gmail.com]
Sent: Friday, September 22, 2017 10:52 AM
To: users@trafficserver.apache.org
Subject: Re: 回复:Re: Openssl 1.1.0f Support
openssl lib
st have the same performance.
>>>
>>>
>>> - 原始邮件 -
>>> 发件人:<ilovep...@sina.cn>
>>> 收件人:"bcall" <bc...@apache.org>
>>> 抄送人:"users" <users@trafficserver.apache.org>
>>> 主题:回复:Re: Openssl 1.1.0f Su
uot; <bc...@apache.org>
抄送人:"users" <users@trafficserver.apache.org>
主题:回复:Re: Openssl 1.1.0f Support
日期:2017年09月22日 10点55分
With the patch, the ERR_clear_error() will only be called when the error
occurs. In the normal situation, ERR_clear_error() will not be called, so
the Er
issue was this..
i was sending a request to the listening IP address without sending
the right SNI value.
i didnt have a 'default' certificate defined so ATS 'rejected' the
request. hence giving the impression
no TLS session was established.
i then defined a default certificate and was able to
+ openssl
> 1.0.1 + patch respectively, and they almost have the same performance.
>
>
> - 原始邮件 -
> 发件人:<ilovep...@sina.cn>
> 收件人:"bcall" <bc...@apache.org>
> 抄送人:"users" <users@trafficserver.apache.org>
> 主题:回复:Re: Openssl 1.1.0f
>
收件人:ilovep...@sina.cn
抄送人:users <users@trafficserver.apache.org>
主题:Re: Openssl 1.1.0f Support
日期:2017年09月21日 23点37分
This only changes the order of the calls. There is still going to be lock
contention inside OpenSSL 1.0.1.-BryanOn Sep 20, 2017, at 11:37 PM,
ilovep...@sina.cn wrote:T
gt;
>
> Kees
>
>
>
>
>
>
>
>
>
> *From:* Alan Carroll [mailto:solidwallofc...@oath.com]
> *Sent:* Thursday, September 21, 2017 15:13
>
> *To:* users@trafficserver.apache.org
> *Subject:* Re: Openssl 1.1.0f Support
>
>
>
> Kees - I think Dave
rse the Intel QAT
card should still offload the CPU.
Kees
From: Alan Carroll [mailto:solidwallofc...@oath.com]
Sent: Thursday, September 21, 2017 15:13
To: users@trafficserver.apache.org
Subject: Re: Openssl 1.1.0f Support
Kees - I think Dave and/or Susan tried the thread off load
if we can burn some
> cycles on looking into this. Any other insights from the tests at yahoo are
> welcome.
>
>
>
> Kees
>
>
>
> *From:* Dave Thompson [mailto:da...@oath.com]
> *Sent:* Wednesday, September 20, 2017 23:17
> *To:* users@trafficserver.apache.org
> *
into this. Any other insights from the tests at yahoo are welcome.
Kees
From: Dave Thompson [mailto:da...@oath.com]
Sent: Wednesday, September 20, 2017 23:17
To: users@trafficserver.apache.org
Subject: Re: Openssl 1.1.0f Support
Sorry Jeremy, my recollections were from 16 months ago which
Can you push your patch against master on github ?
scw00
-- --
??: "iloveperl";<ilovep...@sina.cn>;
: 2017??9??21??(??) 2:52
??: "users"<users@trafficserver.apache.org>;"bcall"<bc...@a
+ ERR_clear_error();
+
return ssl_error;
}
From: Bryan Call <bc...@apache.org>
Reply-To: "users@trafficserver.apache.org" <users@trafficserver.apache.org>
Date: Thursday, September 21, 2017 at 8:38 AM
To: "users@trafficserver.apache.org" <users@trafficserv
I meant to say 1.1.0.
-Bryan
> On Sep 20, 2017, at 3:54 PM, Bryan Call wrote:
>
> I was see something like 2x the performance in my benchmarks with OpenSSL
> 1.0.1. I have been doing all my development with OpenSSL 1.0.1 ATS since
> May, when I upgraded to Fedora 26.
>
>
I was see something like 2x the performance in my benchmarks with OpenSSL
1.0.1. I have been doing all my development with OpenSSL 1.0.1 ATS since May,
when I upgraded to Fedora 26.
-Bryan
> On Sep 20, 2017, at 2:16 PM, Dave Thompson wrote:
>
> Sorry Jeremy, my recollections
Sorry Jeremy, my recollections were from 16 months ago which is fuzzy by
now at best. The gist of my recollection is that QAT is an IO based async
engine, which of course ATS already has done extensively. I recall the
under-the-hood QAT longjumping was a non-starter in an ATS framework.
This
July 2016, I was evaluating the async Quick Assist in the context of ATS,
and came away with the opinion it's value comes into play with a much
simpler application. It's effectively it's own async engine, long jumping
across the stack, and doesn't play well or add value to ATS's more
extensive
Susan and Dave Thompson were working on something related to that, "crypto
proxy". There's a small mention of it by Susan at the Fall 2016 summit in
the TLS state slides (
https://cwiki.apache.org/confluence/display/TS/Presentations+-+2016). I'd
start there and see if you can bug Susan or Good
Thanks guys.. Thats all I needed to know.. Now I can look closer at my
end. Will let you know what I find.
Also, any plans on supporting openssl async, which then allows for
taking full advantage of the Intel QAT engine?
Understood patches/commits are welcome, but just figured there may be
some
Susan has also run some performance tests with 7.1.x and openSSL 1.1 vs.
openSSL 1.0.2.
On Tue, Sep 19, 2017 at 5:55 PM, Leif Hedstrom wrote:
>
> On Sep 19, 2017, at 2:20 PM, Jeremy Payne wrote:
>
> I can link ATS 7.x and 8.x against openssl 1.1.0f,
> On Sep 19, 2017, at 2:20 PM, Jeremy Payne wrote:
>
> I can link ATS 7.x and 8.x against openssl 1.1.0f, however, for some
> reason I can't establish a SSL/TLS connection. Has anyone
> successfully linked ATS against openssl 1.1.0f and successfully been
> able to
24 matches
Mail list logo