|
by Kevin [kevin at hotmail dot com] posted on 2003/10/13 |
|
My server is set to the following:
SecurityOptions so = new SecurityOptions(SecureProtocol.Tls1 | SecureProtocol.Ssl3);
so.Certificate = cert;
so.CommonName = null;
so.AllowedAlgorithms = SslAlgorithms.RSA_RC4_128_SHA | SslAlgorithms.NULL_COMPRESSION;
Performance when sending large files 10 megs and above is very bad. The CPU goes up to 100%. The network transfer slows right down while all processing goes to the decryption. |
by Kevin [Kevin at hotmail dot com] posted on 2003/10/13 |
|
Just to clarify - the client is written in Java and sends large files over to the .NET SSL server. |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/13 |
|
By default, the Security Library uses the ARCFourManaged class to do RC4 encryption and decryption. You can try to change the ARCFourManaged class to the RC4CryptoServiceProvider class which calls into the Windows CryptoAPI for RC4 encryption and decryption [if the CryptoAPI supports the selected key size]. To do this, open the file CipherSuites.cs. It's located under the Security\Ssl\Shared directory. Line 131 should read:
new CipherDefinition(SslAlgorithms.RSA_RC4_128_SHA, typeof(ARCFourManaged), 16, 0, 16, typeof(SHA1CryptoServiceProvider), HashType.SHA1, 20, false),
change this to
new CipherDefinition(SslAlgorithms.RSA_RC4_128_SHA, typeof(RC4CryptoServiceProvider), 16, 0, 16, typeof(SHA1CryptoServiceProvider), HashType.SHA1, 20, false),
and recompile the library. This may enhance the performance of the library.
Our focus up until now has been on getting the library to work reliably. I think we've achieved that goal with our latest release, so our focus will now shift more to performance.
You mentioned the Java server. Is this server running on the same system as the client? |
by Kevin [kevinknoop at hotmail dot com] posted on 2003/10/14 |
|
Thanks for the response. Unfortunatly that does not solve the problem. The problem is unpredictable because sometimes the transfer goes fine and sometimes not.Example: Transfering a 15 meg file, speed is good for say 50% of the transfer and then suddenly the CPU on the server machine goes to 100% and the transfer speed goes way down. The server basically reads from the network stream in 512 byte increments and writes to a file stream. The java client and the .NET SSL server are on different machines. |
by Kevin [Kevinknoop at hotmail dot com] posted on 2003/10/14 |
|
In fact, it seems more like a sporadic bug than a performance issue. Something during a large transfer(>+- 10 megs) triggers some serious CPU usage. |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/14 |
|
It's possible that you're seeing the GC at work [however a garbage collection should not last that long]. Anyhow, I'll create a test project that also transfers large files and I'll see whether I can reproduce the problem.
P.S., you say that the Java SSL client is reading the file 512 bytes at a time, but are you also sending the file 512 bytes at a time? If so, this is very inefficient. For SSL and TLS, the optimal nuber of bytes to send at once is 16Kb. |
by Kevin [kevinknoop at hotmail dot com] posted on 2003/10/14 |
|
Thanks for your help ,the test app will be a good exercise and should reveal a few things. Just to clarify again the Java app is the Client which sends files to the .NET server which reads the files. Ounce the CPU goes up it does not come down again - so I doubt its the GC. Its like its in some tight loop. |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/14 |
|
I wrote a small Java client and .NET server, but I can't reproduce the behavior you're seeing. This is the behavior I'm getting: http://www.mentalis.org/downloads/ssocket.png
The short drops can be explained by one of the GCs kicking in. |
by Kevin [kevinknoop at hotmail dot com] posted on 2003/10/15 |
|
Could you please make those test apps available for download.
Thanks |
by Kevin [kevinknoop at hormail dot com] posted on 2003/10/15 |
|
By the way. Did that transfer take place on a lan? Cause its VERY slow. |
by Pieter Philippaerts [Pieter at mentalis dot org] posted on 2003/10/15 |
|
Sure, you can download it here: http://www.mentalis.org/downloads/ssltest.zip
The transfer took place on one computer. The .NET program was running at around 50% of the processor capacity [so that's around 500MHz] in debug mode. |