Public bug reported:
curl-7.47.0-1ubuntu2.2 spent lots of time reading CA certs before
sending "client hello"; on the other hand, curl 7.22.0 didn't spend time
reading CA certs before a "client hello", and after "server hello" was
received it only read a few CA certs. This made a significant difference
in terms of response time between 7.22.0 and 7.47.0.
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"
$ dpkg -l curl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==---=
ii curl 7.47.0-1ubuntu2.2 amd64 command line tool for transferring data with URL syntax
$ curl -w "@curl-format.txt" https://170.199.194.0:4443/@p1/heartbeat/ -k -s -o /dev/null
time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.009
time_pretransfer: 0.009
time_redirect: 0.000
time_starttransfer: 0.011
--
time_total: 0.011
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
$ dpkg -l curl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==-==-
ii curl 7.22.0-3ubuntu4.17 Get a file from an HTTP, HTTPS or FTP server
$ curl -w "@curl-format.txt" https://170.199.194.0:4443/@p1/heartbeat/ -k -s -o /dev/null
time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.256
time_pretransfer: 0.256
time_redirect: 0.000
time_starttransfer: 0.257
--
time_total: 0.257
The problem was that when curl-7.47.0 was compiled with gnutls and with
--with-ca-path=/etc/ssl/certs, it would read all certificates from the path
before sending client hello; on the other hand, when it's compiled with libssl,
it's fine. I checked the build options for 7.22.0-3ubuntu4.17; only
--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt was used.
curl built with gnutls with --with-ca-bundle and without --with-ca-path
was still slower than the build with libssl.
What needs to be done to build 7.47.0 with similar response time for
https as 7.22.0?
** Affects: curl (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1768112
Title:
7.47.0-1ubuntu2.2 is much slower than 7.22.0-3ubuntu4.17 for https
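Added example, not part of the original report or of curl: a shell helper that splits `curl -w` timing output of the kind shown above into per-phase durations, so the TLS handshake interval (`time_appconnect` minus `time_connect`) can be compared between two builds. The function names and the `RUN_A`/`RUN_B` variables are constructed here; their values are the two timing blocks printed in the report, in the order they appear.

```shell
#!/bin/sh
# Added example: split curl -w timing output into per-phase durations.
# Samples are the two runs printed in the report, in order (A first, B second).
RUN_A='time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.009
time_pretransfer: 0.009
time_redirect: 0.000
time_starttransfer: 0.011
--
time_total: 0.011'
RUN_B='time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.256
time_pretransfer: 0.256
time_redirect: 0.000
time_starttransfer: 0.257
--
time_total: 0.257'

# phase_breakdown: "time_xxx: N" lines on stdin -> "phase seconds" lines.
phase_breakdown() {
    awk -F': *' '
        { sub(/^[ \t]+/, "") }               # tolerate indented format files
        /^time_/ { t[$1] = $2 + 0 }          # other lines ("--") are skipped
        END {
            tls = t["time_appconnect"] - t["time_connect"]
            if (t["time_appconnect"] == 0) tls = 0   # plain HTTP: no handshake
            printf "dns %.3f\n", t["time_namelookup"]
            printf "tcp %.3f\n", t["time_connect"] - t["time_namelookup"]
            printf "tls %.3f\n", tls
            printf "server_wait %.3f\n", t["time_starttransfer"] - t["time_pretransfer"]
        }'
}

# phase_of NAME: one phase value from timing text on stdin.
phase_of() { phase_breakdown | awk -v p="$1" '$1 == p { print $2 }'; }

# worst_phase BASE CAND: phase whose duration grew most from BASE to CAND.
worst_phase() {
    { printf '%s\n' "$1" | phase_breakdown; echo '---'
      printf '%s\n' "$2" | phase_breakdown; } | awk '
        $1 == "---" { second = 1; next }
        !second { base[$1] = $2; next }
        { d = $2 - base[$1]; if (d > max + 0) { max = d; name = $1 } }
        END { if (name == "") print "none"; else printf "%s +%.3f\n", name, max }'
}

worst_phase "$RUN_A" "$RUN_B"
```

To use it on a live measurement, pipe the output of `curl -w "@curl-format.txt" ...` into `phase_of tls` for each build under comparison.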