Performance related queries for SSL based client server model

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Performance related queries for SSL based client server model

alok sharma-2
Hi,
   I am writing one sample ssl based client server model which uses SSL_Read & SSL_Write API provided by openssl. But I found that my application is very slow it takes around 40 mins to copy 700MB file. While same file using scp finishes in 10 mins.
   So my query is that is there  an alternative way to use open ssl read or write to improve performance. I searched in scp code and found it does not use SSL_read/SSL_write. So if there is another set of APIs which I can use or any idea how I can meet the same performance as scp.
Regards,
Alok
Reply | Threaded
Open this post in threaded view
|

RE: Performance related queries for SSL based client server model

Dave Thompson-5

This is not a –dev question, and there’s no need to send three times.

 

scp uses the SSH protocol. OpenSSL does not implement SSH.

OpenSSH, which is a different product from a different source, implements

SSH, although in their design the scp program doesn’t do any comms at all,

it just pipes to the ssh program which does.

 

What kind of network(s) are you transiting, and what are your endpoints?

On my dev LAN, which is one uncongested reliable 100Mbps switch, I get

plain TCP at nearly the hardware limit 8sec per 100MB, and within 10% of

that for SCP/SSH or trivial-app/SSL. These do 700MB in barely a minute.

 

SSL and SSH differ significantly in connection setup/handshake, and slightly

in multiplexing the data, but once actually sending application data they use

mostly the same range of ciphers and MAC, with openssh actually calling

libcrypto, and use TCP pretty much the same way, so unless you’re doing or

(perhaps unintentionally) invoking something wrong, you should get roughly

the same speed for both.

 

Try netcat to measure only the network (and disk) with almost no CPU;

that gives you an upper bound on any protocol – except one that can and does

compress well: I believe openssh can and openssl definitely can depending

on how it’s built, but many people disable it post-CRIME, and it certainly

depends very much on your data. You might try gzip on your data and

if that makes much difference send the gzipped form.

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Alok Sharma
Sent: Sunday, September 07, 2014 03:30
To: [hidden email]; [hidden email]
Subject: Performance related queries for SSL based client server model

 

Hi,

   I am writing one sample ssl based client server model which uses SSL_Read & SSL_Write API provided by openssl. But I found that my application is very slow it takes around 40 mins to copy 700MB file. While same file using scp finishes in 10 mins.

   So my query is that is there  an alternative way to use open ssl read or write to improve performance. I searched in scp code and found it does not use SSL_read/SSL_write. So if there is another set of APIs which I can use or any idea how I can meet the same performance as scp.

Regards,
Alok