OpenSSL server has a lower throughput than JDK SSL with larger responses
See original GitHub issueExpected behavior
I expected the native OpenSSL provider to be faster than the JDK provider, no matter what the size of the response payload is.
Actual behavior
A Netty server using the JDK SSL provider is faster for any payload (I have tested 1MB up, and see the same results)
The results below are from running on an i3.xlarge
EC2 box running Amazon Linux AMI 2018.03.0
, but I have seen reproducible similar behaviour running on both Alpine Linux, and Os X 10.13.4.
OpenSSL on this EC2 box has the version:
$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
Steps to reproduce
I have linked to a project that reproduces the problem reliably for me, running the runProfiling.sh
script executes 6 tests.
- empty response (OpenSSL)
- empty response (JDK SSL)
- 5MB response (OpenSSL)
- 5MB response (JDK SSL)
- 20MB response (OpenSSL)
- 20MB response (JDK SSL)
The results for these tests (a full run takes around 60 mins) are then available in build/jmeter-report
.
Empty Response
The empty test results are as expected;
OpenSSL JDK
5MB Response
The JDK SSL version gives a higher throughput than OpenSSL which is unexpected…
OpenSSL JDK
20MB response
Again, the JDK SSL version has a higher throughput
OpenSSL JDK
Minimal yet complete reproducer code (or URL to code)
https://github.com/timyates/netty-openssl-perf-test
Run ./runProfiling.sh
and wait (around an hour) for the 6 tests to generate jMeter dashboards.
Netty version
4.1.25.Final
and
io.netty:netty-tcnative-boringssl-static:2.0.8.Final
JVM version (e.g. java -version
)
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-b10)
OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)
OS version (e.g. uname -a
)
Linux ip-172-31-12-49 4.14.26-46.32.amzn1.x86_64 #1 SMP Fri Mar 30 22:29:54 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Issue Analytics
- State:
- Created 5 years ago
- Comments:10 (5 by maintainers)
Top GitHub Comments
Also let me close this issue.
@timyates maybe you use Java 9 or higher on the system you run JMeter on ?