-
-
Notifications
You must be signed in to change notification settings - Fork 10.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS 1.3 Early data performance issue #3906
Comments
Some updates of my follow-up experiments: I still have one problem. Is there any way to write the "end of early data" by calling a function? I notice this is always sent after the client finish message (by calling SSL_connect()). Should it be necessary? I try to move this into the same packet of client hello message as well because my system will only send 1 early data. |
New update: I have solved this problem in my system. I do some hacks to squeeze early data or reply into the same packet of client/server hello if possible. Here is the screenshot of this result: http://imgur.com/vR5uGWg.png This change reduces the latency of getting a HTTP response from 3RTT to 1RTT. Not sure if people thinks it is an important thing for OpenSSL. I currently solve this issue by set my own bio bwrite function and batch the client/server message outside of openssl. It would be better/cleaner if this can be handled by openssl's state machine. |
These are some interesting results. I'll need to do some tests to investigate further and get a better understanding of what is happening. |
Is that the
|
The reason this happens is because of Nagle's algorithm (https://en.wikipedia.org/wiki/Nagle%27s_algorithm). Quoting that page:
So, OpenSSL immediately sends the ClientHello packet. It then also immediately sends the early application data packet. However at the network stack layer Nagle's algorithm kicks in. We have not yet received an ACK for the initial ClientHello packet so the early application data gets buffered waiting for either more application data (until we have a full packet's worth), or until we've received the ACK. If no more early application data is forthcoming then we do not actually see the early data get sent until we have that ACK come back. For the purposes of a quick test to prove this theory, I made the following change:
This has the effect of setting the TCP_NODELAY option on the underlying socket in s_client. With this change the problem is gone - the early application data gets sent immediately. Therefore there are a few options for fixing this:
The problem with (2) is that it breaks the BIO abstraction. We have to peek inside the BIO to see if it is really a socket and mess with socket options that are really none of our business to play around with. Some applications may have non-trivial BIO set ups (e.g. BIO chains, or mem-BIOs etc) - so this would be difficult/impossible to do in these circumstances. Option (3) has some merit but only really helps with the first packet of early application data. If you send a second or subsequent packets then you hit the same problem. Therefore I am currently thinking that option 1 might be the best way forward. |
In particular add information about the effect of Nagle's algorithm on early data. Fixes openssl#3906
I went with option (1), so there is now some discussion of this issue in the man page. |
Hi Matt, You are awesome! I did notice the problem might be caused by Nagle's algorithm but my idea was incorrect. I thought the problem is cased by enabling "tcp no delay", so the packets are sent right away before they can be "batched" together in the single packet. It turns out is in the reverse way LoL.... I have confirmed that setting TCP no delay solves this issue :) Yu-Chih |
Hi,
Thanks to the awesome OpenSSL community. I have successfully enable the TLS1.3 + early data in my system! Awesome!
However, when I try to do some microbenchmark to this fancy new TLS feature, I find enabling early data turns out consume more time to get the server response :(
Later I try to do a simple test by using OpenSSL's example code and find this issue still exists! Following is my settings and results of this small test:
Test settings
(http.txt is just a dummy GET request)
Testing results
My problem
The above issues seems to make the TLS1.3 + early data not that useful. I haven't been able to check how the statem works when the early data is sent, but this testing result seems wrong to me. Is it something have not been explored by the OpenSSL community? or it is my fault to use OpenSSL in a wrong way?
(I would be happy to help fixing this problem, but I might need some helps)
Reference:
code added before the for(;;) reading loop of www_body in s_server.c
This code is nothing special, just return a dummy html page "dummy20early" when the server gets the early data sent from the client
The text was updated successfully, but these errors were encountered: