Don't use tls ClientSessionCache

net/http doesn't use it either. Some servers have issues with this preventing fasthttp from working: https://github.com/valyala/fasthttp/issues/1364 https://github.com/valyala/fasthttp/issues/1296 https://github.com/valyala/fasthttp/issues/1335 https://github.com/valyala/fasthttp/issues/984 Also removed code that benchmarks crypto/tls as that has nothing to do with fasthttp.
author: Erik Dubbelboer <erik@dubbelboer.com> 2022-08-28 10:13:03 +0200
committer: Erik Dubbelboer <erik@dubbelboer.com> 2022-08-28 10:13:03 +0200
commit: 79ccfff72b24c5087ba254c39cbfd579a0d7b149 (patch)
tree: cc77b14e9f35f0848ec211bd797fb35899a3ad81 /fasthttputil
parent: Fix "use of closed network connection" error check (diff)
download: fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.tar.gz
fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.tar.bz2
fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.zip
3 files changed, 9 insertions, 114 deletions
diff --git a/fasthttputil/ecdsa.key b/fasthttputil/ecdsa.key
deleted file mode 100644
index 7e201fc..0000000
--- a/fasthttputil/ecdsa.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIBpQbZ6a5jL1Yh4wdP6yZk4MKjYWArD/QOLENFw8vbELoAoGCCqGSM49
-AwEHoUQDQgAEKQCZWgE2IBhb47ot8MIs1D4KSisHYlZ41IWyeutpjb0fjwwIhimh
-pl1Qld1/d2j3Z3vVyfa5yD+ncV7qCFZuSg==
------END EC PRIVATE KEY-----
diff --git a/fasthttputil/ecdsa.pem b/fasthttputil/ecdsa.pem
deleted file mode 100644
index ca1a7f2..0000000
--- a/fasthttputil/ecdsa.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBbTCCAROgAwIBAgIQPo718S+K+G7hc1SgTEU4QDAKBggqhkjOPQQDAjASMRAw
-DgYDVQQKEwdBY21lIENvMB4XDTE3MDQyMDIxMDExNFoXDTE4MDQyMDIxMDExNFow
-EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCkA
-mVoBNiAYW+O6LfDCLNQ+CkorB2JWeNSFsnrraY29H48MCIYpoaZdUJXdf3do92d7
-1cn2ucg/p3Fe6ghWbkqjSzBJMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr
-BgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAKBggq
-hkjOPQQDAgNIADBFAiEAoLAIQkvSuIcHUqyWroA6yWYw2fznlRH/uO9/hMCxUCEC
-IClRYb/5O9eD/Eq/ozPnwNpsQHOeYefEhadJ/P82y0lG
------END CERTIFICATE-----
diff --git a/fasthttputil/inmemory_listener_timing_test.go b/fasthttputil/inmemory_listener_timing_test.go
index 10f7bda..7aa5ac7 100644
--- a/fasthttputil/inmemory_listener_timing_test.go
+++ b/fasthttputil/inmemory_listener_timing_test.go
@@ -33,87 +33,11 @@ func BenchmarkTLSStreaming(b *testing.B) {
 	benchmark(b, streamingHandler, true)
 }
 
-// BenchmarkTLSHandshake measures end-to-end TLS handshake performance
-// for fasthttp client and server.
-//
-// It re-establishes new TLS connection per each http request.
-func BenchmarkTLSHandshakeRSAWithClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: false,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeRSAWithoutClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: false,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithoutClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: true,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithCurvesWithClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: false,
-		UseCurves:                 true,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
-func BenchmarkTLSHandshakeECDSAWithCurvesWithoutClientSessionCache(b *testing.B) {
-	bc := &benchConfig{
-		IsTLS:                     true,
-		DisableClientSessionCache: true,
-		UseCurves:                 true,
-		UseECDSA:                  true,
-	}
-	benchmarkExt(b, handshakeHandler, bc)
-}
-
 func benchmark(b *testing.B, h fasthttp.RequestHandler, isTLS bool) {
-	bc := &benchConfig{
-		IsTLS: isTLS,
-	}
-	benchmarkExt(b, h, bc)
-}
-
-type benchConfig struct {
-	IsTLS                     bool
-	DisableClientSessionCache bool
-	UseCurves                 bool
-	UseECDSA                  bool
-}
-
-func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) {
 	var serverTLSConfig, clientTLSConfig *tls.Config
-	if bc.IsTLS {
+	if isTLS {
 		certFile := "rsa.pem"
 		keyFile := "rsa.key"
-		if bc.UseECDSA {
-			certFile = "ecdsa.pem"
-			keyFile = "ecdsa.key"
-		}
 		cert, err := tls.LoadX509KeyPair(certFile, keyFile)
 		if err != nil {
 			b.Fatalf("cannot load TLS certificate from certFile=%q, keyFile=%q: %v", certFile, keyFile, err)
@@ -123,17 +47,9 @@ func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) {
 			PreferServerCipherSuites: true,
 		}
 		serverTLSConfig.CurvePreferences = []tls.CurveID{}
-		if bc.UseCurves {
-			serverTLSConfig.CurvePreferences = []tls.CurveID{
-				tls.CurveP256,
-			}
-		}
 		clientTLSConfig = &tls.Config{
 			InsecureSkipVerify: true,
 		}
-		if bc.DisableClientSessionCache {
-			clientTLSConfig.ClientSessionCache = fakeSessionCache{}
-		}
 	}
 	ln := fasthttputil.NewInmemoryListener()
 	serverStopCh := make(chan struct{})
@@ -151,12 +67,12 @@ func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) {
 		Dial: func(addr string) (net.Conn, error) {
 			return ln.Dial()
 		},
-		IsTLS:     clientTLSConfig != nil,
+		IsTLS:     isTLS,
 		TLSConfig: clientTLSConfig,
 	}
 
 	b.RunParallel(func(pb *testing.PB) {
-		runRequests(b, pb, c)
+		runRequests(b, pb, c, isTLS)
 	})
 	ln.Close()
 	<-serverStopCh
@@ -173,9 +89,13 @@ func handshakeHandler(ctx *fasthttp.RequestCtx) {
 	ctx.SetConnectionClose()
 }
 
-func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient) {
+func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient, isTLS bool) {
 	var req fasthttp.Request
-	req.SetRequestURI("http://foo.bar/baz")
+	if isTLS {
+		req.SetRequestURI("https://foo.bar/baz")
+	} else {
+		req.SetRequestURI("http://foo.bar/baz")
+	}
 	var resp fasthttp.Response
 	for pb.Next() {
 		if err := c.Do(&req, &resp); err != nil {
@@ -186,13 +106,3 @@ func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient) {
 		}
 	}
 }
-
-type fakeSessionCache struct{}
-
-func (fakeSessionCache) Get(sessionKey string) (*tls.ClientSessionState, bool) {
-	return nil, false
-}
-
-func (fakeSessionCache) Put(sessionKey string, cs *tls.ClientSessionState) {
-	// no-op
-}
author	Erik Dubbelboer <erik@dubbelboer.com>	2022-08-28 10:13:03 +0200
committer	Erik Dubbelboer <erik@dubbelboer.com>	2022-08-28 10:13:03 +0200
commit	79ccfff72b24c5087ba254c39cbfd579a0d7b149 (patch)
tree	cc77b14e9f35f0848ec211bd797fb35899a3ad81 /fasthttputil
parent	Fix "use of closed network connection" error check (diff)
download	fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.tar.gz fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.tar.bz2 fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.zip