I didn't know about the curves parameter, and i don't see performance regression with it. I don't really understand why this kind of parameter can influence certs loading time.
Hervé. Le 23/05/2018 à 15:08, Emmanuel Hocdet a écrit : > Hi Hervé, > >> Le 22 mai 2018 à 10:31, Hervé Commowick <herve.commow...@corp.ovh.com> a >> écrit : >> >> Hello HAProxy ML, >> >> I tracked down a performance regression about loading bunch of >> certificates, at least 3x to 5x more time for loading 100000 certs since >> this commit >> http://git.haproxy.org/?p=haproxy-1.8.git;a=commitdiff;h=f6b37c67be277b5f0ae60438d796ff29ef19be40 >> >> This regression is 1.8 specific, (no issue in 1.6 or 1.7 branch) >> >> my bind line : >> bind 127.0.0.1:1443 ssl crt ssl10k ecdhe secp384r1 >> >> After some tests with William, it looks like it is also related to >> "ecdhe secp384r1" parameter, i don't really understand why, but without >> this i don't see any regression (and it looks like secp384r1 was >> effectively working in old version) >> > > can you try with « curves » parameter and not the old « ecdhe » ? > >> Let me know if i can test something, from 1min30s to 5min has some >> impacts as you can understand :-) >> > > Manu. >