I meant to say 1.1.0. -Bryan
> On Sep 20, 2017, at 3:54 PM, Bryan Call <[email protected]> wrote:
>
> I was seeing something like 2x the performance in my benchmarks with OpenSSL
> 1.0.1. I have been doing all my development with OpenSSL 1.0.1 ATS since
> May, when I upgraded to Fedora 26.
>
> -Bryan
>
>> On Sep 20, 2017, at 2:16 PM, Dave Thompson <[email protected]> wrote:
>>
>> Sorry Jeremy, my recollections were from 16 months ago which is fuzzy by now
>> at best. The gist of my recollection is that QAT is an IO based async
>> engine, which of course ATS already has done extensively. I recall the
>> under-the-hood QAT longjumping was a non-starter in an ATS framework. This
>> was all static code analysis. Integration looked like a non-starter, so no
>> performance test done.
>>
>> Regarding performance testing of "ATS + Openssl 1.1.0(x) + standard aes-ni
>> acceleration", Susan (?Bryan?) was just telling me today of a measured order
>> of magnitude improvement over with the same using Openssl 1.0.1(x) and small
>> packet sizes... Improvement attributed to lock contention issues in the
>> older OpenSSL 1.0.1(x).
>>
>> Dave
>>
>> On Wed, Sep 20, 2017 at 3:22 PM, Jeremy Payne <[email protected]> wrote:
>> Dave,
>>
>> Did you run any comparison performance tests using the QAT engine ?
>> Specifically around these configurations(or similar)
>>
>> 1. ATS + Openssl 1.1.0(x) + QAT engine(sync)
>> 2. ATS + Openssl 1.1.0(x) + standard aes-ni acceleration
>>
>> On Wed, Sep 20, 2017 at 11:26 AM, Dave Thompson <[email protected]> wrote:
>> > July 2016, I was evaluating the async Quick Assist in the context of ATS,
>> > and came away with the opinion its value comes into play with a much
>> > simpler application. It's effectively its own async engine, long jumping
>> > across the stack, and doesn't play well or add value to ATS's more
>> > extensive model to do similar.... not to mention mutually exclusive in
>> > their current forms.
>> >
>> > Dave
>> >
>> > On Wed, Sep 20, 2017 at 10:08 AM, Alan Carroll <[email protected]>
>> > wrote:
>> >>
>> >> Susan and Dave Thompson were working on something related to that, "crypto
>> >> proxy". There's a small mention of it by Susan at the Fall 2016 summit in
>> >> the TLS state slides
>> >> (https://cwiki.apache.org/confluence/display/TS/Presentations+-+2016).
>> >> I'd start there and see if you can bug Susan or Good Dave*. Although that
>> >> work was designed to use an off box crypto engine, the implementation from
>> >> the ATS point of view is identical to what you're writing about. Susan will
>> >> be at the Fall 2017 Summit, I'd look her up then as well.
>> >>
>> >> * To distinguish from "Evil Dave" Carlin.
>> >>
>> >> On Wed, Sep 20, 2017 at 9:44 AM, Jeremy Payne <[email protected]> wrote:
>> >>>
>> >>> Thanks guys.. That's all I needed to know.. Now I can look closer at my
>> >>> end. Will let you know what I find.
>> >>>
>> >>> Also, any plans on supporting openssl async, which then allows for
>> >>> taking full advantage of the Intel QAT engine?
>> >>> Understood patches/commits are welcome, but just figured there may be
>> >>> some behind the scene works already started.
>> >>>
>> >>> Thanks!
>> >>>
>> >>> On Tue, Sep 19, 2017 at 6:31 PM, Alan Carroll <[email protected]>
>> >>> wrote:
>> >>> > Susan has also run some performance tests with 7.1.x and openSSL 1.1
>> >>> > vs. openSSL 1.0.2.
>> >>> >
>> >>> > On Tue, Sep 19, 2017 at 5:55 PM, Leif Hedstrom <[email protected]>
>> >>> > wrote:
>> >>> >>
>> >>> >> On Sep 19, 2017, at 2:20 PM, Jeremy Payne <[email protected]> wrote:
>> >>> >>
>> >>> >> I can link ATS 7.x and 8.x against openssl 1.1.0f, however, for some
>> >>> >> reason I can't establish a SSL/TLS connection. Has anyone
>> >>> >> successfully linked ATS against openssl 1.1.0f and successfully been
>> >>> >> able to establish a SSL/TLS session?
>> >>> >> In other words, is openssl 1.1.0f supported by ATS? If not, what about
>> >>> >> an earlier version of 1.1.0(x)??
>> >>> >>
>> >>> >> Yeh, we’re running current master with OpenSSL v1.1.0f on
>> >>> >> docs.trafficserver.apache.org. Maybe you have some mismatch / issues
>> >>> >> between headers (when compiling ATS) and runtime?
>> >>> >>
>> >>> >> Cheers,
>> >>> >>
>> >>> >> — Leif
