Hello devs, Right now I'm doing a lot of benchmarks, trying to figure out how to make my https server as fast as are others (for example, nginx). I've found that somewhere between 0.9.8 and 1.0.1c ssl3_get_cert_verify has started spending much more time than it was.
I wonder if you're aware of it, or if this thing can depend on some SSL_CTX mode/flag. Here are flamegraphs for you to make it more clearer what I'm talking about: * My server (openssl1.0.1c) - http://blog.indutny.com/f/tlsnappy-x64.svg * Nginx (openssl0.9.8) - http://blog.indutny.com/f/nginx.svg And here are sources of my server, just in case if you need them to figure something out: https://github.com/indutny/tlsnappy/blob/master/src/tlsnappy.cc Thank you, Fedor.
