Don't use tls ClientSessionCache

net/http doesn't use it either. Some servers have issues with this preventing fasthttp from working: #1364 #1296 #1335 #984 Also removed code that benchmarks crypto/tls as that has nothing to do with fasthttp.
valyala · Aug 28, 2022 · 79ccfff · 79ccfff
1 parent 28bec71
commit 79ccfff
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 118 deletions.
diff --git a/client.go b/client.go
@@ -1844,10 +1844,6 @@ func newClientTLSConfig(c *tls.Config, addr string) *tls.Config {
 		c = c.Clone()
 	}
 
-	if c.ClientSessionCache == nil {
-		c.ClientSessionCache = tls.NewLRUClientSessionCache(0)
-	}
-
 	if len(c.ServerName) == 0 {
 		serverName := tlsServerName(addr)
 		if serverName == "*" {

diff --git a/fasthttputil/ecdsa.key b/fasthttputil/ecdsa.key
diff --git a/fasthttputil/ecdsa.pem b/fasthttputil/ecdsa.pem
diff --git a/fasthttputil/inmemory_listener_timing_test.go b/fasthttputil/inmemory_listener_timing_test.go
@@ -33,87 +33,11 @@ func BenchmarkTLSStreaming(b *testing.B) {
 	benchmark(b, streamingHandler, true)
 }
 
-// BenchmarkTLSHandshake measures end-to-end TLS handshake performance
-// for fasthttp client and server.
-//
-// It re-establishes new TLS connection per each http request.
-func BenchmarkTLSHandshakeRSAWithClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: false,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeRSAWithoutClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: false,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithoutClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: true,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithCurvesWithClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: false,
-		UseCurves:                 true,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithCurvesWithoutClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: true,
-		UseCurves:                 true,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
 func benchmark(b *testing.B, h fasthttp.RequestHandler, isTLS bool) {
-	bc := &benchConfig{
-		IsTLS: isTLS,
-	}
-	benchmarkExt(b, h, bc)
-}
-
-type benchConfig struct {
-	IsTLS                     bool
-	DisableClientSessionCache bool
-	UseCurves                 bool
-	UseECDSA                  bool
-}
-
-func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) {
 	var serverTLSConfig, clientTLSConfig *tls.Config
-	if bc.IsTLS {
+	if isTLS {
 		certFile := "rsa.pem"
 		keyFile := "rsa.key"
-		if bc.UseECDSA {
-			certFile = "ecdsa.pem"
-			keyFile = "ecdsa.key"
-		}
 		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
 		if err != nil {
 			b.Fatalf("cannot load TLS certificate from certFile=%q, keyFile=%q: %v", certFile, keyFile, err)
@@ -123,17 +47,9 @@ func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) {
 			PreferServerCipherSuites: true,
 		}
 		serverTLSConfig.CurvePreferences = []tls.CurveID{}
-		if bc.UseCurves {
-			serverTLSConfig.CurvePreferences = []tls.CurveID{
-				tls.CurveP256,
-			}
-		}
 		clientTLSConfig = &tls.Config{
 			InsecureSkipVerify: true,
 		}
-		if bc.DisableClientSessionCache {
-			clientTLSConfig.ClientSessionCache = fakeSessionCache{}
-		}
 	}
 	ln := fasthttputil.NewInmemoryListener()
 	serverStopCh := make(chan struct{})
@@ -151,12 +67,12 @@ func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) {
 		Dial: func(addr string) (net.Conn, error) {
 			return ln.Dial()
 		},
-		IsTLS:     clientTLSConfig != nil,
+		IsTLS:     isTLS,
 		TLSConfig: clientTLSConfig,
 	}
 
 	b.RunParallel(func(pb *testing.PB) {
-		runRequests(b, pb, c)
+		runRequests(b, pb, c, isTLS)
 	})
 	ln.Close()
 	<-serverStopCh
@@ -173,9 +89,13 @@ func handshakeHandler(ctx *fasthttp.RequestCtx) {
 	ctx.SetConnectionClose()
 }
 
-func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient) {
+func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient, isTLS bool) {
 	var req fasthttp.Request
-	req.SetRequestURI("http://foo.bar/baz")
+	if isTLS {
+		req.SetRequestURI("https://foo.bar/baz")
+	} else {
+		req.SetRequestURI("http://foo.bar/baz")
+	}
 	var resp fasthttp.Response
 	for pb.Next() {
 		if err := c.Do(&req, &resp); err != nil {
@@ -186,13 +106,3 @@ func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient) {
 		}
 	}
 }
-
-type fakeSessionCache struct{}
-
-func (fakeSessionCache) Get(sessionKey string) (*tls.ClientSessionState, bool) {
-	return nil, false
-}
-
-func (fakeSessionCache) Put(sessionKey string, cs *tls.ClientSessionState) {
-	// no-op
-}