diff options
author | Erik Dubbelboer <erik@dubbelboer.com> | 2022-08-28 10:13:03 +0200 |
---|---|---|
committer | Erik Dubbelboer <erik@dubbelboer.com> | 2022-08-28 10:13:03 +0200 |
commit | 79ccfff72b24c5087ba254c39cbfd579a0d7b149 (patch) | |
tree | cc77b14e9f35f0848ec211bd797fb35899a3ad81 /fasthttputil | |
parent | Fix "use of closed network connection" error check (diff) | |
download | fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.tar.gz fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.tar.bz2 fasthttp-79ccfff72b24c5087ba254c39cbfd579a0d7b149.zip |
Don't use tls ClientSessionCache
net/http doesn't use it either. Some servers have issues with this
preventing fasthttp from working:
https://github.com/valyala/fasthttp/issues/1364
https://github.com/valyala/fasthttp/issues/1296
https://github.com/valyala/fasthttp/issues/1335
https://github.com/valyala/fasthttp/issues/984
Also removed code that benchmarks crypto/tls as that has nothing to do
with fasthttp.
Diffstat (limited to 'fasthttputil')
-rw-r--r-- | fasthttputil/ecdsa.key | 5 | ||||
-rw-r--r-- | fasthttputil/ecdsa.pem | 10 | ||||
-rw-r--r-- | fasthttputil/inmemory_listener_timing_test.go | 108 |
3 files changed, 9 insertions, 114 deletions
diff --git a/fasthttputil/ecdsa.key b/fasthttputil/ecdsa.key deleted file mode 100644 index 7e201fc..0000000 --- a/fasthttputil/ecdsa.key +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIBpQbZ6a5jL1Yh4wdP6yZk4MKjYWArD/QOLENFw8vbELoAoGCCqGSM49 -AwEHoUQDQgAEKQCZWgE2IBhb47ot8MIs1D4KSisHYlZ41IWyeutpjb0fjwwIhimh -pl1Qld1/d2j3Z3vVyfa5yD+ncV7qCFZuSg== ------END EC PRIVATE KEY----- diff --git a/fasthttputil/ecdsa.pem b/fasthttputil/ecdsa.pem deleted file mode 100644 index ca1a7f2..0000000 --- a/fasthttputil/ecdsa.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBbTCCAROgAwIBAgIQPo718S+K+G7hc1SgTEU4QDAKBggqhkjOPQQDAjASMRAw -DgYDVQQKEwdBY21lIENvMB4XDTE3MDQyMDIxMDExNFoXDTE4MDQyMDIxMDExNFow -EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCkA -mVoBNiAYW+O6LfDCLNQ+CkorB2JWeNSFsnrraY29H48MCIYpoaZdUJXdf3do92d7 -1cn2ucg/p3Fe6ghWbkqjSzBJMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr -BgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAKBggq -hkjOPQQDAgNIADBFAiEAoLAIQkvSuIcHUqyWroA6yWYw2fznlRH/uO9/hMCxUCEC -IClRYb/5O9eD/Eq/ozPnwNpsQHOeYefEhadJ/P82y0lG ------END CERTIFICATE----- diff --git a/fasthttputil/inmemory_listener_timing_test.go b/fasthttputil/inmemory_listener_timing_test.go index 10f7bda..7aa5ac7 100644 --- a/fasthttputil/inmemory_listener_timing_test.go +++ b/fasthttputil/inmemory_listener_timing_test.go @@ -33,87 +33,11 @@ func BenchmarkTLSStreaming(b *testing.B) { benchmark(b, streamingHandler, true) } -// BenchmarkTLSHandshake measures end-to-end TLS handshake performance -// for fasthttp client and server. -// -// It re-establishes new TLS connection per each http request. -func BenchmarkTLSHandshakeRSAWithClientSessionCache(b *testing.B) { - bc := &benchConfig{ - IsTLS: true, - DisableClientSessionCache: false, - } - benchmarkExt(b, handshakeHandler, bc) -} - -func BenchmarkTLSHandshakeRSAWithoutClientSessionCache(b *testing.B) { - bc := &benchConfig{ - IsTLS: true, - DisableClientSessionCache: true, - } - benchmarkExt(b, handshakeHandler, bc) -} - -func BenchmarkTLSHandshakeECDSAWithClientSessionCache(b *testing.B) { - bc := &benchConfig{ - IsTLS: true, - DisableClientSessionCache: false, - UseECDSA: true, - } - benchmarkExt(b, handshakeHandler, bc) -} - -func BenchmarkTLSHandshakeECDSAWithoutClientSessionCache(b *testing.B) { - bc := &benchConfig{ - IsTLS: true, - DisableClientSessionCache: true, - UseECDSA: true, - } - benchmarkExt(b, handshakeHandler, bc) -} - -func BenchmarkTLSHandshakeECDSAWithCurvesWithClientSessionCache(b *testing.B) { - bc := &benchConfig{ - IsTLS: true, - DisableClientSessionCache: false, - UseCurves: true, - UseECDSA: true, - } - benchmarkExt(b, handshakeHandler, bc) -} - -func BenchmarkTLSHandshakeECDSAWithCurvesWithoutClientSessionCache(b *testing.B) { - bc := &benchConfig{ - IsTLS: true, - DisableClientSessionCache: true, - UseCurves: true, - UseECDSA: true, - } - benchmarkExt(b, handshakeHandler, bc) -} - func benchmark(b *testing.B, h fasthttp.RequestHandler, isTLS bool) { - bc := &benchConfig{ - IsTLS: isTLS, - } - benchmarkExt(b, h, bc) -} - -type benchConfig struct { - IsTLS bool - DisableClientSessionCache bool - UseCurves bool - UseECDSA bool -} - -func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) { var serverTLSConfig, clientTLSConfig *tls.Config - if bc.IsTLS { + if isTLS { certFile := "rsa.pem" keyFile := "rsa.key" - if bc.UseECDSA { - certFile = "ecdsa.pem" - keyFile = "ecdsa.key" - } cert, err := tls.LoadX509KeyPair(certFile, keyFile) if err != nil { b.Fatalf("cannot load TLS certificate from certFile=%q, keyFile=%q: %v", certFile, keyFile, err) @@ -123,17 +47,9 @@ func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) { PreferServerCipherSuites: true, } serverTLSConfig.CurvePreferences = []tls.CurveID{} - if bc.UseCurves { - serverTLSConfig.CurvePreferences = []tls.CurveID{ - tls.CurveP256, - } - } clientTLSConfig = &tls.Config{ InsecureSkipVerify: true, } - if bc.DisableClientSessionCache { - clientTLSConfig.ClientSessionCache = fakeSessionCache{} - } } ln := fasthttputil.NewInmemoryListener() serverStopCh := make(chan struct{}) @@ -151,12 +67,12 @@ func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) { Dial: func(addr string) (net.Conn, error) { return ln.Dial() }, - IsTLS: clientTLSConfig != nil, + IsTLS: isTLS, TLSConfig: clientTLSConfig, } b.RunParallel(func(pb *testing.PB) { - runRequests(b, pb, c) + runRequests(b, pb, c, isTLS) }) ln.Close() <-serverStopCh @@ -173,9 +89,13 @@ func handshakeHandler(ctx *fasthttp.RequestCtx) { ctx.SetConnectionClose() } -func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient) { +func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient, isTLS bool) { var req fasthttp.Request - req.SetRequestURI("http://foo.bar/baz") + if isTLS { + req.SetRequestURI("https://foo.bar/baz") + } else { + req.SetRequestURI("http://foo.bar/baz") + } var resp fasthttp.Response for pb.Next() { if err := c.Do(&req, &resp); err != nil { @@ -186,13 +106,3 @@ func runRequests(b *testing.B, pb *testing.PB, c *fasthttp.HostClient) { } } } - -type fakeSessionCache struct{} - -func (fakeSessionCache) Get(sessionKey string) (*tls.ClientSessionState, bool) { - return nil, false -} - -func (fakeSessionCache) Put(sessionKey string, cs *tls.ClientSessionState) { - // no-op -} |