diff options
author | Aliaksandr Valialkin <valyala@gmail.com> | 2017-04-24 14:16:30 +0300 |
---|---|---|
committer | Aliaksandr Valialkin <valyala@gmail.com> | 2017-04-24 14:16:32 +0300 |
commit | 8b2cc86299300c893830f8c771a1521ae52e5448 (patch) | |
tree | 5fed1ee6b114d78481a78da5ee4344449eb8849a /fasthttputil | |
parent | fasthttputil: added TLS benchmarks for handshakes with elliptic curves (diff) | |
download | fasthttp-8b2cc86299300c893830f8c771a1521ae52e5448.tar.gz fasthttp-8b2cc86299300c893830f8c771a1521ae52e5448.tar.bz2 fasthttp-8b2cc86299300c893830f8c771a1521ae52e5448.zip |
fasthttputil: added TLS benchmarks for ECDSA certificates
Handshakes with ECDSA certificates are optimized much better
comparing to RSA certificates - see https://github.com/golang/go/issues/20058 .
Diffstat (limited to 'fasthttputil')
-rw-r--r-- | fasthttputil/ecdsa.key | 5 | ||||
-rw-r--r-- | fasthttputil/ecdsa.pem | 10 | ||||
-rw-r--r-- | fasthttputil/inmemory_listener_timing_test.go | 39 | ||||
-rw-r--r-- | fasthttputil/rsa.key (renamed from fasthttputil/ssl-cert-snakeoil.key) | 0 | ||||
-rw-r--r-- | fasthttputil/rsa.pem (renamed from fasthttputil/ssl-cert-snakeoil.pem) | 0 |
5 files changed, 48 insertions, 6 deletions
diff --git a/fasthttputil/ecdsa.key b/fasthttputil/ecdsa.key new file mode 100644 index 0000000..7e201fc --- /dev/null +++ b/fasthttputil/ecdsa.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIBpQbZ6a5jL1Yh4wdP6yZk4MKjYWArD/QOLENFw8vbELoAoGCCqGSM49 +AwEHoUQDQgAEKQCZWgE2IBhb47ot8MIs1D4KSisHYlZ41IWyeutpjb0fjwwIhimh +pl1Qld1/d2j3Z3vVyfa5yD+ncV7qCFZuSg== +-----END EC PRIVATE KEY----- diff --git a/fasthttputil/ecdsa.pem b/fasthttputil/ecdsa.pem new file mode 100644 index 0000000..ca1a7f2 --- /dev/null +++ b/fasthttputil/ecdsa.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBbTCCAROgAwIBAgIQPo718S+K+G7hc1SgTEU4QDAKBggqhkjOPQQDAjASMRAw +DgYDVQQKEwdBY21lIENvMB4XDTE3MDQyMDIxMDExNFoXDTE4MDQyMDIxMDExNFow +EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCkA +mVoBNiAYW+O6LfDCLNQ+CkorB2JWeNSFsnrraY29H48MCIYpoaZdUJXdf3do92d7 +1cn2ucg/p3Fe6ghWbkqjSzBJMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggr +BgEFBQcDATAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAKBggq +hkjOPQQDAgNIADBFAiEAoLAIQkvSuIcHUqyWroA6yWYw2fznlRH/uO9/hMCxUCEC +IClRYb/5O9eD/Eq/ozPnwNpsQHOeYefEhadJ/P82y0lG +-----END CERTIFICATE----- diff --git a/fasthttputil/inmemory_listener_timing_test.go b/fasthttputil/inmemory_listener_timing_test.go index 28b42e2..0b7ec0e 100644 --- a/fasthttputil/inmemory_listener_timing_test.go +++ b/fasthttputil/inmemory_listener_timing_test.go @@ -37,7 +37,7 @@ func BenchmarkTLSStreaming(b *testing.B) { // for fasthttp client and server. // // It re-establishes new TLS connection per each http request. -func BenchmarkTLSHandshakeWithClientSessionCache(b *testing.B) { +func BenchmarkTLSHandshakeRSAWithClientSessionCache(b *testing.B) { bc := &benchConfig{ IsTLS: true, DisableClientSessionCache: false, @@ -45,7 +45,7 @@ func BenchmarkTLSHandshakeWithClientSessionCache(b *testing.B) { benchmarkExt(b, handshakeHandler, bc) } -func BenchmarkTLSHandshakeWithoutClientSessionCache(b *testing.B) { +func BenchmarkTLSHandshakeRSAWithoutClientSessionCache(b *testing.B) { bc := &benchConfig{ IsTLS: true, DisableClientSessionCache: true, @@ -53,20 +53,40 @@ func BenchmarkTLSHandshakeWithoutClientSessionCache(b *testing.B) { benchmarkExt(b, handshakeHandler, bc) } -func BenchmarkTLSHandshakeWithCurvesWithClientSessionCache(b *testing.B) { +func BenchmarkTLSHandshakeECDSAWithClientSessionCache(b *testing.B) { + bc := &benchConfig{ + IsTLS: true, + DisableClientSessionCache: false, + UseECDSA: true, + } + benchmarkExt(b, handshakeHandler, bc) +} + +func BenchmarkTLSHandshakeECDSAWithoutClientSessionCache(b *testing.B) { + bc := &benchConfig{ + IsTLS: true, + DisableClientSessionCache: true, + UseECDSA: true, + } + benchmarkExt(b, handshakeHandler, bc) +} + +func BenchmarkTLSHandshakeECDSAWithCurvesWithClientSessionCache(b *testing.B) { bc := &benchConfig{ IsTLS: true, DisableClientSessionCache: false, UseCurves: true, + UseECDSA: true, } benchmarkExt(b, handshakeHandler, bc) } -func BenchmarkTLSHandshakeWithCurvesWithoutClientSessionCache(b *testing.B) { +func BenchmarkTLSHandshakeECDSAWithCurvesWithoutClientSessionCache(b *testing.B) { bc := &benchConfig{ IsTLS: true, DisableClientSessionCache: true, UseCurves: true, + UseECDSA: true, } benchmarkExt(b, handshakeHandler, bc) } @@ -82,14 +102,21 @@ type benchConfig struct { IsTLS bool DisableClientSessionCache bool UseCurves bool + UseECDSA bool } func benchmarkExt(b *testing.B, h fasthttp.RequestHandler, bc *benchConfig) { var serverTLSConfig, clientTLSConfig *tls.Config if bc.IsTLS { - cert, err := tls.LoadX509KeyPair("./ssl-cert-snakeoil.pem", "./ssl-cert-snakeoil.key") + certFile := "rsa.pem" + keyFile := "rsa.key" + if bc.UseECDSA { + certFile = "ecdsa.pem" + keyFile = "ecdsa.key" + } + cert, err := tls.LoadX509KeyPair(certFile, keyFile) if err != nil { - b.Fatalf("cannot load TLS certificate: %s", err) + b.Fatalf("cannot load TLS certificate from certFile=%q, keyFile=%q: %s", certFile, keyFile, err) } serverTLSConfig = &tls.Config{ Certificates: []tls.Certificate{cert}, diff --git a/fasthttputil/ssl-cert-snakeoil.key b/fasthttputil/rsa.key index 00a79a3..00a79a3 100644 --- a/fasthttputil/ssl-cert-snakeoil.key +++ b/fasthttputil/rsa.key diff --git a/fasthttputil/ssl-cert-snakeoil.pem b/fasthttputil/rsa.pem index 93e77cd..93e77cd 100644 --- a/fasthttputil/ssl-cert-snakeoil.pem +++ b/fasthttputil/rsa.pem |