Bug #76921 | Resume SSL / TLS sessions (use TLS tickets) | ||
---|---|---|---|
Submitted: | 3 May 2015 15:29 | Modified: | 8 Feb 2018 14:39 |
Reporter: | Daniël van Eeden (OCA) | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: C API (client library) | Severity: | S5 (Performance) |
Version: | 5.7.7-rc, 8.0.4 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | SSL, tls |
[3 May 2015 15:29]
Daniël van Eeden
[3 May 2015 15:31]
Daniël van Eeden
Added tags Changed Severity
[5 May 2015 9:38]
Daniël van Eeden
The server already supports this (if compiled against OpenSSL?) A patch to let the client use this (expiremental!): https://github.com/dveeden/mysql-server/commit/c55c561d4ed9843796d12c504850374d1a811030
[5 May 2015 9:39]
Daniël van Eeden
Experimental patch for client
Attachment: c55c561d4ed9843796d12c504850374d1a811030.patch (text/x-diff), 2.10 KiB.
[5 May 2015 9:44]
Daniël van Eeden
Example with the patch applied and no /tmp/mysql_sess.pem file present at the start. =============================================================== mysql> show session status like 'Ssl_sessions_reused'; +---------------------+-------+ | Variable_name | Value | +---------------------+-------+ | Ssl_sessions_reused | 0 | +---------------------+-------+ 1 row in set (0.00 sec) mysql> rollback release; Query OK, 0 rows affected (0.00 sec) mysql> show session status like 'Ssl_sessions_reused'; ERROR 2013 (HY000): Lost connection to MySQL server during query mysql> show session status like 'Ssl_sessions_reused'; ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... Connection id: 53 Current database: *** NONE *** +---------------------+-------+ | Variable_name | Value | +---------------------+-------+ | Ssl_sessions_reused | 1 | +---------------------+-------+ 1 row in set (0.02 sec) ===============================================================
[5 May 2015 9:58]
Daniël van Eeden
A not-so-sientific benchmark: With the patch applied: $ time for i in {1..1000}; do ./my sql -h 127.0.0.1 -e "QUIT"; done real 0m26.114s user 0m18.880s sys 0m5.777s Without the patch: $ time for i in {1..1000}; do ./my sql -h 127.0.0.1 -e "QUIT"; done real 0m37.278s user 0m24.160s sys 0m6.287s
[7 Feb 2018 13:20]
Georgi Kodinov
As noted in bug #89549 the way to set and extract session tickets can be through mysql_options().
[7 Feb 2018 16:38]
Daniël van Eeden
Updated versions and category. Anything else needed to get this verified?
[8 Feb 2018 14:39]
MySQL Verification Team
Hello Daniël, Thank you for the report and supplying patch along with it. Please ensure to re-send the patch via "Contributions" tab. Otherwise we would not be able to accept it. If you have no objections then as Joro mentioned I'll mark Bug #89549 as duplicate of this one. Thanks, Umesh