On Tue, 12 Apr 2022 11:28:12 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
> During TLS handshake, hundreds of constraints are evaluated to determine > which cipher suites are usable. Most of the evaluations are performed using > `HandshakeContext#algorithmConstraints` object. By default that object > contains a `SSLAlgorithmConstraints` instance wrapping another > `SSLAlgorithmConstraints` instance. As a result the constraints defined in > `SSLAlgorithmConstraints` are evaluated twice. > > This PR improves the default case; if the user-specified constraints are left > at defaults, we use a single `SSLAlgorithmConstraints` instance, and avoid > duplicate checks. Results of the attached benchmark: Before: Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units SSLHandshake.doHandshake true TLSv1.2 thrpt 5 1407.320 ± 302.562 ops/s SSLHandshake.doHandshake true TLS thrpt 5 391.037 ± 13.014 ops/s SSLHandshake.doHandshake false TLSv1.2 thrpt 5 280.003 ± 69.273 ops/s SSLHandshake.doHandshake false TLS thrpt 5 233.401 ± 9.371 ops/s After: Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units SSLHandshake.doHandshake true TLSv1.2 thrpt 5 2267.325 ± 119.800 ops/s SSLHandshake.doHandshake true TLS thrpt 5 490.465 ± 24.698 ops/s SSLHandshake.doHandshake false TLSv1.2 thrpt 5 340.275 ± 72.833 ops/s SSLHandshake.doHandshake false TLS thrpt 5 271.656 ± 5.444 ops/s The results show a nice double-digit improvement across the board. ------------- PR: https://git.openjdk.java.net/jdk/pull/8199
