SSL write/read performance

SSL write/read performance

valmiki
Hi All,

I'm trying to understand server and client code over tcp using openssl.

How does the flow work when we do SSL_write or SSL_read.

SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket.

Is the above understanding correct ?

If it's correct, we have the following context switches from user to kernel space and vice versa

-> open ssl library to kernel crypto subsystem

-> kernel crypto subsystem to ssl library

-> ssl library to network subsystem

Does this mean for sending a buffer we need three context switches from user to kernel and vice versa ?

Doesn't this affect performance ?

Please correct me if my understanding is wrong.

Regards,
valmiki

Re: SSL write/read performance

Matt Caswell-2


On 10/04/2019 10:32, valmiki wrote:
> Hi All,
>
> I'm trying to understand server and client code over tcp using openssl.
>
> How does the flow work when we do SSL_write or SSL_read.
>
> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket.
>
> Is the above understanding correct ?

No, this isn't correct. All crypto is done in user space* using libcrypto.

Matt

* Actually there is a new option in master where the kernel does the TLS
encryption/decryption - but it is not on by default, and if used the kernel does
the IO too.


>
> If it's correct, we have the following context switches from user to kernel space and vice versa
>
> -> open ssl library to kernel crypto subsystem
>
> -> kernel crypto subsystem to ssl library
>
> -> ssl library to network subsystem
>
> Does this mean for sending a buffer we need three context switches from user to kernel and vice versa ?
>
> Doesn't this affect performance ?
>
> Please correct me if my understanding is wrong.
>
> Regards,
> valmiki

Re: SSL write/read performance

valmiki

>> Hi All,
>>
>> I'm trying to understand server and client code over tcp using openssl.
>>
>> How does the flow work when we do SSL_write or SSL_read.
>>
>> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket.
>>
>> Is the above understanding correct ?
> No, this isn't correct. All crypto is done in user space* using libcrypto.
>
> Matt
>
> * Actually there is a new option in master where the kernel does the TLS
> encryption/decryption - but it is not on by default, and if used the kernel does
> the IO too.
>
Thanks Matt.
So only one context switch happens, which is sending buffer to networking
socket ?

Regards,
valmiki

>> If it's correct, we have the following context switches from user to kernel space and vice versa
>>
>> -> open ssl library to kernel crypto subsystem
>>
>> -> kernel crypto subsystem to ssl library
>>
>> -> ssl library to network subsystem
>>
>> Does this mean for sending a buffer we need three context switches from user to kernel and vice versa ?
>>
>> Doesn't this affect performance ?
>>
>> Please correct me if my understanding is wrong.
>>
>> Regards,
>> valmiki

Re: SSL write/read performance

Matt Caswell-2


On 10/04/2019 11:03, valmiki wrote:

>
>>> Hi All,
>>>
>>> I'm trying to understand server and client code over tcp using openssl.
>>>
>>> How does the flow work when we do SSL_write or SSL_read.
>>>
>>> SSL_write -> send buffer to kernel crypto subsystem -> take encrypted buffer and send it over network socket.
>>>
>>> Is the above understanding correct ?
>> No, this isn't correct. All crypto is done in user space* using libcrypto.
>>
>> Matt
>>
>> * Actually there is a new option in master where the kernel does the TLS
>> encryption/decryption - but it is not on by default, and if used the kernel does
>> the IO too.
>>
> Thanks Matt.
> So only one context switch happens, which is sending buffer to networking
> socket ?

Correct.

Matt
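
Added example, not part of the original thread: the flow confirmed above, shown with Python's `ssl` module (a binding to OpenSSL) and memory BIOs, so the record is visibly encrypted in process memory before any socket exists and only the finished ciphertext is handed to the kernel. The function names, the anonymous cipher suites (chosen only so no certificate files are needed) and the `socketpair` standing in for the TCP connection are assumptions of this example.

```python
import socket
import ssl

def endpoint(server_side):
    # Constructed test setup: anonymous (unauthenticated) TLS 1.2 suites so the
    # demo needs no certificate files. Not a configuration for real traffic.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side
                         else ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AECDH-AES256-SHA:AECDH-AES128-SHA:@SECLEVEL=0")
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_side=server_side)
    return tls, incoming, outgoing

def handshake(cli, srv):
    # Shuttle handshake records between the memory BIOs; no socket exists yet.
    todo = [(cli, srv), (srv, cli)]
    while todo:
        for pair in list(todo):
            (tls, _, out), (_, peer_in, _) = pair
            try:
                tls.do_handshake()
                todo.remove(pair)
            except ssl.SSLWantReadError:
                pass
            data = out.read()
            if data:
                peer_in.write(data)

def send_one_record(plaintext=b"hello over TLS"):
    cli, srv = endpoint(False), endpoint(True)
    handshake(cli, srv)
    cli[0].write(plaintext)      # SSL_write: the record is encrypted here, in user space
    record = cli[2].read()       # ciphertext is now sitting in process memory
    a, b = socket.socketpair()   # stands in for the TCP connection
    with a, b:
        a.sendall(record)        # the only user-to-kernel crossing on the send side
        srv[1].write(b.recv(65536))
    return record, srv[0].read(len(plaintext))

if __name__ == "__main__":
    record, received = send_one_record()
    print(len(record), "ciphertext bytes ->", received)
```
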