> are you sure that the negotiated cipher suite is the same and that the > NSS is not configured to reuse the server key share if you're using DHE > or ECDHE?
The cipher suite was the same. I'd have to check to see exactly which was used. It is certainly possible that NSS was configured as you suggest and, if so, this would improve its performance. However, the obstacle preventing 100% CPU utilisation for both stacks is lock contention. The NSS folks apparently spent a lot of effort addressing this and they have a far more scalable locking model than OpenSSL: one lock per context for all the different kinds of context versus a small number of global locks. There is definitely scope for improvement here. My atomic operation suggestion is one approach which was quick and easy to validate, better might be more locks since it doesn't introduce a new paradigm and is more widely supported (C11 notwithstanding). Regards, Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
