On Oct 22, 7:22 pm, Nelson B Bolyard <nel...@bolyard.me> wrote: > What kind of system? What CPU? What clock speed? What memory speed? > > Are you doing client authentication with a client certificate? > Are you using Diffie-Hellman Ephemeral cipher suites? > 100ms is indeed a long time if you're not.
The system is a mini-itx board D945GSEJT. CPU Intel Atom N270 1.6 GHz, memory DDR2 533MHz 1GB. Operating system is Gentoo Linux, x86 architecture (CPU doesn't support 64bit), kernel version 2.6.31, compiler optimization flags "-march=nocona -mssse3". My program is acting as a server which requires client authentication. I've generated all certificates with certutil without requesting any specific ciphers, so they are RSA 1042 bit. In the server I also don't override any defaults. On average, the complete handshake in local network takes about 400 ms. I've noticed this is considerably greater than on other systems I have. With the server program running on an AMD Sempron 2800 (1.8 GHz), complete handhshake takes only about 50ms (though it is 64-bit while my Atom system is not). I find this surprising; perhaps there is some performance regression with Atom processors? I know the board is relatively low- performance, but is really that slow? > Could your system actually be doing the socket IO on that thread? It would be hard to do I/O in a different thread with the existing design of my software, but possible, however it would for sure introduce additional overhead. That is the last resort. > Does it use the CPU to do the actual network IO? What do you mean? My I/O code is quite efficient; it can't be taking so long. After the handshake is done, my server does around 5 Mbit/s traffic constantly over SSL, and "uptime" indicates zero CPU load (though with "top" the load jumps to 80% at regular intervals, but this is probably a measurement artifact to do with the timings of the i/o and load sampling). While a client is connecting, the server program's CPU usage rises suddenly to almost 100%. > What is the speed of your network link? The network is not an issue, I'm using 100Mbit LAN. > A reactor? What's that? (nuclear? :) It's the part of the program that blocks on all resources and calls associated handlers when an operation can be performed without blocking; no nuclear reactions involved :) see http://en.wikipedia.org/wiki/Reactor_pattern -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
