Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-4656

MongoC driver re-initializes OpenSSL Context on every new socket

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 1.28.0
    • Affects Version/s: None
    • Component/s: Performance, Security
    • None
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Discovered as part of PERF-4166, it looks like we create a new OpenSSL context for every new connection that a client makes over TLS. Creating an OpenSSL context is a relatively expensive operation that involves parsing the root certificate store for the operating system and building an internal data structure representing those certificates. When making 10,000 clients as part of the tests for PERF-4166, we saw that it was parsing certificates a total of 50,000 times, multiple times for each client. This was enough to make the test essentially not generate any traffic and keep all the cores busy just parsing certificate files repeatedly.

      At a minimum we should probably only initialize the OpenSSL context once per client, but as mentioned in the slack thread, it would also be great if we only initialized it once for each client pool. For context, Chromium uses a singleton for their SSL Context here.

      Note that Genny uses the mongocxx driver but I think that just defers to the mongoc driver in terms of how connections/OpenSSL is managed?

            Assignee:
            julia.garland@mongodb.com Julia Garland (Inactive)
            Reporter:
            john.daniels@mongodb.com John Daniels
            Votes:
            1 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: