On Mon, 9 May 2022 19:38:36 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
> When a TLS server resumes a session from a stateless session ticket, it > populates the `SSLSessionImpl`'s `localCerts` and `peerCerts` fields with > certificates deserialized from the session ticket. These certificates are > often the same across a large number of tickets. > > This patch implements a certificate cache lookup for these certificates. This > enables us to avoid deserializing the same certificates repeatedly, and saves > memory by reusing the same certificate objects. Performance results: Before: Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units SSLHandshake.doHandshake true TLSv1.2 thrpt 5 10425.534 ± 785.613 ops/s SSLHandshake.doHandshake true TLS thrpt 5 673.131 ± 24.857 ops/s after: Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units SSLHandshake.doHandshake true TLSv1.2 thrpt 5 11882.724 ± 106.444 ops/s SSLHandshake.doHandshake true TLS thrpt 5 717.195 ± 210.658 ops/s The benchmark shows a nice improvement in throughput on session resumption; it uses the same `localCerts` on all sessions, and `peerCerts` are empty. The performance of full handshakes (not shown) didn't change, which is expected because full handshakes do not use the changed code. GC profiling results: Before: Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units SSLHandshake.doHandshake:·gc.alloc.rate.norm true TLSv1.2 thrpt 15 173868.322 ± 1554.251 B/op SSLHandshake.doHandshake:·gc.alloc.rate.norm true TLS thrpt 15 404166.493 ± 1640.523 B/op After: Benchmark (resume) (tlsVersion) Mode Cnt Score Error Units SSLHandshake.doHandshake:·gc.alloc.rate.norm true TLSv1.2 thrpt 15 140972.286 ± 1782.103 B/op SSLHandshake.doHandshake:·gc.alloc.rate.norm true TLS thrpt 15 370317.660 ± 1846.107 B/op Memory allocation is reduced by ~30kB per handshake on session resumption. The allocation profile of full handshakes (not shown) didn't change. ------------- PR: https://git.openjdk.java.net/jdk/pull/8608