| Bug #46546 | Large performance hit when using YaSSL over OpenSSL | ||
|---|---|---|---|
| Submitted: | 4 Aug 2009 16:02 | Modified: | 25 Jul 2019 11:20 |
| Reporter: | Andrew Hutchings | Email Updates: | |
| Status: | Won't fix | Impact on me: | |
| Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
| Version: | 5.0.83 | OS: | Any |
| Assigned to: | CPU Architecture: | Any | |
[4 Aug 2009 16:57]
Andrew Hutchings
Callgrind for YaSSL client and server
Attachment: callgrind.out.14693 (application/octet-stream, text), 389.11 KiB.
[4 Aug 2009 16:57]
Andrew Hutchings
Callgrind for OpenSSL client when using YaSSL server
Attachment: callgrind.out.14786 (application/octet-stream, text), 295.74 KiB.
[4 Aug 2009 17:02]
Andrew Hutchings
Running the last 2 attachments through kcachegrind shows that most of the time is taken with TaoCrypt's RecursiveMultiply
[7 Aug 2009 8:33]
Sergei Golubchik
Andrew, could you submit a bug report to yassl ? I suppose the only thing *we* can do is to build with openssl when possible.
[9 Aug 2009 7:09]
Andrew Hutchings
My initial benchmarks show that CyaSSL is many times faster (RSA decryption is nearly 10x faster than YaSSL). If licensing supports this I suggest looking into moving to this. Especially since this would help with the C++/C issues with APIs.
[16 Mar 2012 9:27]
MySQL Verification Team
http://www.yassl.com/yaSSL/Blog/Entries/2011/4/28_MySQL_SSL_Performance_Benchmarking.html
[25 Jul 2019 11:20]
Erlend Dahl
We will remove the support for YaSSL in an upcoming release.
Description: YaSSL is giving a large performance hit on opening connections at both the client and server side when compared to OpenSSL (my tests are using OpenSSL 0.9.8k-fips 25 Mar 2009). Details below: OpenSSL client and server: real 0m51.429s user 0m27.353s sys 0m5.548s real 0m51.277s user 0m27.247s sys 0m5.289s real 0m51.639s user 0m27.481s sys 0m5.456s YaSSL client and server: real 2m51.871s user 1m25.606s sys 0m3.857s real 2m51.842s user 1m25.972s sys 0m3.884s real 2m50.845s user 1m25.549s sys 0m3.856s OpenSSL client, YaSSL server: real 1m53.367s user 0m27.182s sys 0m4.928s real 1m53.048s user 0m27.194s sys 0m4.723s real 1m53.793s user 0m27.274s sys 0m4.945s YaSSL client, OpenSSL server: real 1m49.484s user 1m26.573s sys 0m3.994s real 1m48.299s user 1m25.969s sys 0m3.821s real 1m47.735s user 1m25.667s sys 0m3.762s How to repeat: ./configure --with-openssl --with-debug and ./configure --with-yassl --with-debug Test script run (switch yassl for openssl when testing openssl client): #!/bin/bash for i in {1..500} do mysql-5.0.83-yassl/bin/mysql --protocol=tcp --host=localhost --ssl --ssl-ca=newcerts/ca-cert.pem --ssl-cert=newcerts/client-cert.pem --ssl-key=newcerts/client-key.pem -uroot -e 'select * from mysql.user' > /dev/null done my.cnf is bare apart from the ssl cert settings.