OpenSSL server has a lower throughput than JDK SSL with larger responses

Expected behavior

I expected the native OpenSSL provider to be faster than the JDK provider, no matter what the size of the response payload is.

Actual behavior

A Netty server using the JDK SSL provider is faster for any payload (I have tested 1MB up, and see the same results)

The results below are from running on an i3.xlarge EC2 box running Amazon Linux AMI 2018.03.0, but I have seen reproducible similar behaviour running on both Alpine Linux, and Os X 10.13.4.

OpenSSL on this EC2 box has the version:

$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Steps to reproduce

I have linked to a project that reproduces the problem reliably for me, running the runProfiling.sh script executes 6 tests.

1. empty response (OpenSSL)
2. empty response (JDK SSL)
3. 5MB response (OpenSSL)
4. 5MB response (JDK SSL)
5. 20MB response (OpenSSL)
6. 20MB response (JDK SSL)

The results for these tests (a full run takes around 60 mins) are then available in build/jmeter-report.

Empty Response

The empty test results are as expected;

OpenSSL JDK

5MB Response

The JDK SSL version gives a higher throughput than OpenSSL which is unexpected…

OpenSSL JDK

20MB response

Again, the JDK SSL version has a higher throughput

OpenSSL JDK

Minimal yet complete reproducer code (or URL to code)

https://github.com/timyates/netty-openssl-perf-test

Run ./runProfiling.sh and wait (around an hour) for the 6 tests to generate jMeter dashboards.

Netty version

4.1.25.Final

and

io.netty:netty-tcnative-boringssl-static:2.0.8.Final

JVM version (e.g. java -version)

openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-b10)
OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)

OS version (e.g. uname -a)

Linux ip-172-31-12-49 4.14.26-46.32.amzn1.x86_64 #1 SMP Fri Mar 30 22:29:54 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux