SecPKCS12Import bottleneck for acceptance from a listening socket

Question

SecPKCS12Import bottleneck for acceptance from a listening socket

na-gupta opened this issue 8 years ago · 2 comments

Testing Kitura with SSLService causes a significant slowdown on osx (but not on linux). On investigating, it appears that SecPKCS12Import() (that runs every time a listening socket accepts a connection and initializes it's delegate) is very expensive. If we cache and reuse the pkcs12 certs in SSLService.Configuration we get a significant performance increase.

Testing this change with wrk shows a performance improvement from about 150 Requests/sec to about 5200 Requests/sec (35x improvement). It still is much slower than without SSL (24k Requests/sec).

On linux, using OpenSSL, the performance is comparable to without SSL. So there are probably other areas of potential improvement.

I will submit a pull request with my changes.

Answer 1 · 2017-01-18T21:59:10.000Z

na-gupta commented 8 years ago

Answer 2 · 2017-01-19T01:21:16.000Z

Fixed in 0.12.18.