Jan, yep -- that's what John did with https://github.com/apache/trafficcontrol/pull/2781
It's for grove only at this point, but we're considering upgrading everything else to 1.11.x as well...

-dan

On Wed, Sep 5, 2018 at 8:09 AM Jan van Doorn <[email protected]> wrote:

> It looked to me like the RSA problems almost went away with go 1.11? I’d
> say just use that.
>
> Also, you can’t mix and match? Meaning you can’t have RSA on TR and EC on
> the cache?
>
> Cheers,
> JvD
>
> > On Sep 5, 2018, at 07:43, Dave Neuman <[email protected]> wrote:
> >
> > Thanks for the information John.
> > I think it is worth noting that, as far as I know, Traffic Router does not
> > support EC keys so if you plan to use grove with EC, it will have to be
> > without Traffic Router. Support for elliptic curve certificates in Traffic
> > Router has been captured in this github issue:
> > https://github.com/apache/trafficcontrol/issues/2774.
> >
> > Thanks,
> > Dave
> >
> > On Tue, Sep 4, 2018 at 10:47 AM John Rushford <[email protected]> wrote:
> >
> >> Greetings,
> >>
> >> I've been running performance tests with the grove caching server using
> >> several different profiles. One profile was strictly with http
> >> transactions and other profiles were with a mix of https using RSA
> >> public/private keys and EC (elliptic curve) public/private keys. When
> >> using https with EC certificates, grove performed very well. However,
> >> when RSA public/private keys are employed, there is a significant impact
> >> to performance.
> >>
> >> I have found that grove performs poorly when RSA keys are employed and
> >> grove is compiled using go 1.9.4. At 3k requests per second, the CPUs go
> >> to 100% utilization and 50% or more of the transactions time out. With
> >> the release of go version 1.11, this performance issue with RSA crypto
> >> has been addressed with a patch to the 'math/big.addMulVVW()' function
> >> used in the RSA crypto routines. After re-compiling grove with go version
> >> 1.11, performance improved quite significantly when using RSA certs. I've
> >> attached some of the performance data collected to the issue #2780
> >> <https://github.com/apache/trafficcontrol/issues/2780>
> >>
> >> If you are using grove, I suggest that you use EC public/private TLS
> >> keys. If you use RSA keys though, you should make sure that you compile
> >> grove with go version 1.11 or higher.
> >> I've submitted this issue, #2780
> >> <https://github.com/apache/trafficcontrol/issues/2780>, and a PR, #2781
> >> <https://github.com/apache/trafficcontrol/pull/2781>, that modifies the
> >> grove build scripts to check for and use go version 1.11. The docker
> >> build scripts have been modified to install and use go version 1.11 to
> >> build grove.
> >>
> >> thanks
> >> John Rushford
> >> [email protected]
> >>
> >> --
> >> John Rushford
> >> [email protected]
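
The signing cost behind the RSA-versus-EC difference discussed in this thread, as an added example that is not part of the original messages or of grove's code: it times the private-key signature a TLS server computes in an ECDHE handshake, once with an RSA key and once with an ECDSA P-256 key. The function names, the 2048-bit RSA size, the iteration count and the digest input are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"runtime"
	"time"
)

// perOp runs op n times and returns the mean wall-clock time per call.
func perOp(n int, op func() error) (time.Duration, error) {
	start := time.Now()
	for i := 0; i < n; i++ {
		if err := op(); err != nil {
			return 0, err
		}
	}
	return time.Since(start) / time.Duration(n), nil
}

// signCost times n signatures per key type; key sizes and n are example choices.
func signCost(rsaBits, n int) (rsaPer, ecPer time.Duration, err error) {
	digest := sha256.Sum256([]byte("constructed handshake transcript"))
	rk, rerr := rsa.GenerateKey(rand.Reader, rsaBits)
	ek, eerr := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if rerr != nil || eerr != nil {
		return 0, 0, fmt.Errorf("keygen failed: rsa=%v ecdsa=%v", rerr, eerr)
	}
	rsaPer, err = perOp(n, func() error {
		_, e := rsa.SignPKCS1v15(rand.Reader, rk, crypto.SHA256, digest[:])
		return e
	})
	if err == nil {
		ecPer, err = perOp(n, func() error {
			_, _, e := ecdsa.Sign(rand.Reader, ek, digest[:])
			return e
		})
	}
	return rsaPer, ecPer, err
}

func main() {
	r, e, err := signCost(2048, 200)
	fmt.Println(runtime.Version(), "RSA-2048:", r, "ECDSA P-256:", e, "err:", err)
}
```

It prints the toolchain version next to the timings, so runs built with different Go releases can be compared directly.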
