Hello, Florin

In the current TLS openssl implementation, for each accepted TLS session, openssl_ctx_init_server needs to re-init ssl_ctx and set the key and certificate, which is actually not necessary; normally a one-time initialization is good enough. After changing this initialization to run only once, I can get around 20~30% performance improvement for CPS.

I am now considering re-architecting this initialization, and one possible point is to move it to tls_start_listen. A generic tls_ssl_ctx_init can be the interface, which will then call the engine-specific initialization, such as the openssl ssl_ctx initialization.

What do you think?

Thanks
Ping
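
The layout proposed in the message above, as an added sketch that is not part of the original message and not VPP code: a generic init step run once from the listen path calls an engine-specific hook, and each accepted session borrows the listener's context. All `demo_*` and `stub_*` names are hypothetical, the stub engine stands in for the openssl ssl_ctx setup, and the reference count that keeps the shared context alive until the last session closes is an assumption of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>

/* All names below are hypothetical; they model the proposal, not VPP's API. */
typedef struct {
  void *(*ctx_init) (const char *cert, const char *key); /* costly setup */
  void (*ctx_free) (void *ctx);
} demo_engine_vft_t;

typedef struct {
  const demo_engine_vft_t *engine;
  void *ssl_ctx; /* built once at listen time, shared by all sessions */
  unsigned refs; /* 1 for the listener + 1 per live session */
} demo_listener_t;

typedef struct { demo_listener_t *lctx; } demo_session_t;

unsigned n_ctx_inits, n_ctx_frees; /* counters that make the cost visible */

/* Stand-in for the engine-specific (e.g. openssl) ssl_ctx setup. */
static void *stub_ctx_init (const char *cert, const char *key) {
  if (!cert || !key) return NULL;
  n_ctx_inits++;
  return malloc (1);
}
static void stub_ctx_free (void *ctx) { n_ctx_frees++; free (ctx); }
const demo_engine_vft_t stub_engine = { stub_ctx_init, stub_ctx_free };

static void listener_unref (demo_listener_t *l) {
  if (l->refs && --l->refs == 0) { l->engine->ctx_free (l->ssl_ctx); l->ssl_ctx = NULL; }
}
/* Generic init step, run once from the listen path. */
int demo_start_listen (demo_listener_t *l, const demo_engine_vft_t *e,
                       const char *cert, const char *key) {
  l->engine = e;
  l->ssl_ctx = e->ctx_init (cert, key);
  l->refs = l->ssl_ctx ? 1 : 0;
  return l->ssl_ctx ? 0 : -1; /* bad cert/key fails the listen, not each accept */
}
/* Per-session accept only borrows the listener's context. */
int demo_session_accept (demo_session_t *s, demo_listener_t *l) {
  if (!l->ssl_ctx) return -1;
  s->lctx = l; l->refs++;
  return 0;
}
void demo_session_close (demo_session_t *s) { listener_unref (s->lctx); s->lctx = NULL; }
void demo_stop_listen (demo_listener_t *l) { listener_unref (l); }

int main (void) {
  demo_listener_t l = { 0 }; static demo_session_t s[1000];
  if (demo_start_listen (&l, &stub_engine, "cert-pem", "key-pem")) return 1;
  for (int i = 0; i < 1000; i++) demo_session_accept (&s[i], &l);
  printf ("sessions=1000 ctx_inits=%u\n", n_ctx_inits);
  demo_stop_listen (&l); /* context survives while sessions are live */
  for (int i = 0; i < 1000; i++) demo_session_close (&s[i]);
  return n_ctx_frees == 1 ? 0 : 1;
}
```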
