Re: Reply: Re: Openssl 1.1.0f Support

2017-09-26 Thread Jack Bates
To: users@trafficserver.apache.org Subject: Re: Reply: Re: Openssl 1.1.0f Support openssl lib and include directories weren't matching versions. fixed that, and was able to compile without issue. On Fri, Sep 22, 2017 at 11:28 AM, Jack Bates <duh...@nottheoilrig.com> wrote: I remember backportin

Re: Openssl 1.1.0f Support

2017-09-26 Thread Bryan Call
_error() will not be called, so >>> the Err_get_state() will not be called and no lock contention in openssl >>> 1.0.1 with the patch. >>> >>> >>> - Original Message - >>> From: Bryan Call <bc...@apache.org> >>> To: ilovep...@sina.cn

Re: Openssl 1.1.0f Support

2017-09-26 Thread Sudheer Vinukonda
with the patch. >> >> >> - Original Message - >> From: Bryan Call <bc...@apache.org> >> To: ilovep...@sina.cn >> Cc: users <users@trafficserver.apache.org> >> Subject: Re: Openssl 1.1.0f Support >> Date: 2017-09-21 23:37 >> >> Th

Re: Openssl 1.1.0f Support

2017-09-26 Thread Leif Hedstrom
n openssl 1.0.1 > with the patch. > > > - Original Message - > From: Bryan Call <bc...@apache.org> > To: ilovep...@sina.cn > Cc: users <users@trafficserver.apache.org> > Subject: Re: Openssl 1.1.0f Support > Date: 2017-09-21 23:37 > > This only changes the order

RE: Reply: Re: Openssl 1.1.0f Support

2017-09-25 Thread Chou, Peter
. Apparently, this might not occur on Red Hat which is what Jeremy used below. Thanks, Peter -Original Message- From: Jeremy Payne [mailto:jp557...@gmail.com] Sent: Friday, September 22, 2017 10:52 AM To: users@trafficserver.apache.org Subject: Re: Reply: Re: Openssl 1.1.0f Support openssl lib

Re: Reply: Re: Openssl 1.1.0f Support

2017-09-22 Thread Jeremy Payne
st have the same performance. >>> >>> >>> - Original Message - >>> From: <ilovep...@sina.cn> >>> To: "bcall" <bc...@apache.org> >>> Cc: "users" <users@trafficserver.apache.org> >>> Subject: Reply: Re: Openssl 1.1.0f Su

Re: Reply: Re: Openssl 1.1.0f Support

2017-09-22 Thread Jack Bates
<bc...@apache.org> Cc: "users" <users@trafficserver.apache.org> Subject: Reply: Re: Openssl 1.1.0f Support Date: 2017-09-22 10:55 With the patch, the ERR_clear_error() will only be called when the error occurs. In the normal situation, ERR_clear_error() will not be called, so the Er

Re: Openssl 1.1.0f Support

2017-09-22 Thread Jeremy Payne
issue was this.. I was sending a request to the listening IP address without sending the right SNI value. I didn't have a 'default' certificate defined so ATS 'rejected' the request. hence giving the impression no TLS session was established. I then defined a default certificate and was able to

Re: Reply: Re: Openssl 1.1.0f Support

2017-09-22 Thread Jeremy Payne
+ openssl > 1.0.1 + patch respectively, and they almost have the same performance. > > > - Original Message - > From: <ilovep...@sina.cn> > To: "bcall" <bc...@apache.org> > Cc: "users" <users@trafficserver.apache.org> > Subject: Reply: Re: Openssl 1.1.0f

Reply: Re: Openssl 1.1.0f Support

2017-09-21 Thread iloveperl
> To: ilovep...@sina.cn Cc: users <users@trafficserver.apache.org> Subject: Re: Openssl 1.1.0f Support Date: 2017-09-21 23:37 This only changes the order of the calls. There is still going to be lock contention inside OpenSSL 1.0.1. -Bryan On Sep 20, 2017, at 11:37 PM, ilovep...@sina.cn wrote: T

Re: Openssl 1.1.0f Support

2017-09-21 Thread Dave Thompson
gt; > > Kees > > > > > > > > > > *From:* Alan Carroll [mailto:solidwallofc...@oath.com] > *Sent:* Thursday, September 21, 2017 15:13 > > *To:* users@trafficserver.apache.org > *Subject:* Re: Openssl 1.1.0f Support > > > > Kees - I think Dave

RE: Openssl 1.1.0f Support

2017-09-21 Thread Kees Spoelstra
rse the Intel QAT card should still offload the CPU. Kees From: Alan Carroll [mailto:solidwallofc...@oath.com] Sent: Thursday, September 21, 2017 15:13 To: users@trafficserver.apache.org Subject: Re: Openssl 1.1.0f Support Kees - I think Dave and/or Susan tried the thread off load

Re: Openssl 1.1.0f Support

2017-09-21 Thread Alan Carroll
if we can burn some > cycles on looking into this. Any other insights from the tests at yahoo are > welcome. > > > > Kees > > > > *From:* Dave Thompson [mailto:da...@oath.com] > *Sent:* Wednesday, September 20, 2017 23:17 > *To:* users@trafficserver.apache.org > *

RE: Openssl 1.1.0f Support

2017-09-21 Thread Kees Spoelstra
into this. Any other insights from the tests at yahoo are welcome. Kees From: Dave Thompson [mailto:da...@oath.com] Sent: Wednesday, September 20, 2017 23:17 To: users@trafficserver.apache.org Subject: Re: Openssl 1.1.0f Support Sorry Jeremy, my recollections were from 16 months ago which

?????? Openssl 1.1.0f Support

2017-09-21 Thread haha
Can you push your patch against master on github ? scw00 -- -- ??: "iloveperl";<ilovep...@sina.cn>; : 2017??9??21??(??) 2:52 ??: "users"<users@trafficserver.apache.org>;"bcall"<bc...@a

Re: Openssl 1.1.0f Support

2017-09-21 Thread iloveperl
+ ERR_clear_error(); + return ssl_error; } From: Bryan Call <bc...@apache.org> Reply-To: "users@trafficserver.apache.org" <users@trafficserver.apache.org> Date: Thursday, September 21, 2017 at 8:38 AM To: "users@trafficserver.apache.org" <users@trafficserv

Re: Openssl 1.1.0f Support

2017-09-20 Thread Bryan Call
I meant to say 1.1.0. -Bryan > On Sep 20, 2017, at 3:54 PM, Bryan Call wrote: > > I was seeing something like 2x the performance in my benchmarks with OpenSSL > 1.0.1. I have been doing all my development with OpenSSL 1.0.1 ATS since > May, when I upgraded to Fedora 26. > >

Re: Openssl 1.1.0f Support

2017-09-20 Thread Bryan Call
I was seeing something like 2x the performance in my benchmarks with OpenSSL 1.0.1. I have been doing all my development with OpenSSL 1.0.1 ATS since May, when I upgraded to Fedora 26. -Bryan > On Sep 20, 2017, at 2:16 PM, Dave Thompson wrote: > > Sorry Jeremy, my recollections

Re: Openssl 1.1.0f Support

2017-09-20 Thread Dave Thompson
Sorry Jeremy, my recollections were from 16 months ago which is fuzzy by now at best. The gist of my recollection is that QAT is an IO based async engine, which of course ATS already has done extensively. I recall the under-the-hood QAT longjumping was a non-starter in an ATS framework. This

Re: Openssl 1.1.0f Support

2017-09-20 Thread Dave Thompson
July 2016, I was evaluating the async Quick Assist in the context of ATS, and came away with the opinion its value comes into play with a much simpler application. It's effectively its own async engine, long jumping across the stack, and doesn't play well or add value to ATS's more extensive

Re: Openssl 1.1.0f Support

2017-09-20 Thread Alan Carroll
Susan and Dave Thompson were working on something related to that, "crypto proxy". There's a small mention of it by Susan at the Fall 2016 summit in the TLS state slides ( https://cwiki.apache.org/confluence/display/TS/Presentations+-+2016). I'd start there and see if you can bug Susan or Good

Re: Openssl 1.1.0f Support

2017-09-20 Thread Jeremy Payne
Thanks guys.. That's all I needed to know.. Now I can look closer at my end. Will let you know what I find. Also, any plans on supporting openssl async, which then allows for taking full advantage of the Intel QAT engine? Understood patches/commits are welcome, but just figured there may be some

Re: Openssl 1.1.0f Support

2017-09-19 Thread Alan Carroll
Susan has also run some performance tests with 7.1.x and openSSL 1.1 vs. openSSL 1.0.2. On Tue, Sep 19, 2017 at 5:55 PM, Leif Hedstrom wrote: > > On Sep 19, 2017, at 2:20 PM, Jeremy Payne wrote: > > I can link ATS 7.x and 8.x against openssl 1.1.0f,

Re: Openssl 1.1.0f Support

2017-09-19 Thread Leif Hedstrom
> On Sep 19, 2017, at 2:20 PM, Jeremy Payne wrote: > > I can link ATS 7.x and 8.x against openssl 1.1.0f, however, for some > reason I can't establish a SSL/TLS connection. Has anyone > successfully linked ATS against openssl 1.1.0f and successfully been > able to