- Type: Improvement
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Component/s: Performance, Security
Discovered as part of PERF-4166, it looks like we create a new OpenSSL context for every new connection that a client makes over TLS. Creating an OpenSSL context is a relatively expensive operation that involves parsing the root certificate store for the operating system and building an internal data structure representing those certificates. When making 10,000 clients as part of the tests for PERF-4166, we saw that it was parsing certificates a total of 50,000 times, multiple times for each client. This was enough to make the test essentially not generate any traffic and keep all the cores busy just parsing certificate files repeatedly.
At a minimum we should probably only initialize the OpenSSL context once per client, but as mentioned in the Slack thread, it would also be great if we only initialized it once for each client pool. For context, Chromium uses a singleton for their SSL Context here.
Note that Genny uses the mongocxx driver but I think that just defers to the mongoc driver in terms of how connections/OpenSSL is managed?
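
The reuse pattern requested above, sketched with Python's `ssl` module (whose `SSLContext` wraps an OpenSSL context) as an added example; it is not code from the mongoc or mongocxx drivers. `SharedContextPool`, the helper functions and the host names are hypothetical, and memory BIOs stand in for sockets so that it runs offline.

```python
import ssl
import threading
from concurrent.futures import ThreadPoolExecutor


class SharedContextPool:
    """Hypothetical client pool: one SSLContext (OpenSSL SSL_CTX) for all connections."""

    def __init__(self, factory=ssl.create_default_context):
        self._factory = factory          # loads the OS root store when called
        self._lock = threading.Lock()
        self._ctx = None
        self.contexts_built = 0

    def _context(self):
        # Double-checked lazy init so concurrent first connections build it once.
        if self._ctx is None:
            with self._lock:
                if self._ctx is None:
                    self._ctx = self._factory()
                    self.contexts_built += 1
        return self._ctx

    def new_connection(self, hostname):
        # Per-connection state only; the trust store is not parsed again.
        # The hostname to verify is still set per connection.
        return self._context().wrap_bio(
            ssl.MemoryBIO(), ssl.MemoryBIO(), server_hostname=hostname)


def per_connection_contexts(hostnames, factory=ssl.create_default_context):
    """The pattern the ticket describes: a fresh context for every connection."""
    conns = [factory().wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), server_hostname=h)
             for h in hostnames]
    return len({id(c.context) for c in conns}), conns


def shared_contexts(hostnames, workers=8):
    """Open the same connections from several threads through one shared pool."""
    pool = SharedContextPool()
    with ThreadPoolExecutor(max_workers=workers) as ex:
        conns = list(ex.map(pool.new_connection, hostnames))
    return pool.contexts_built, conns


if __name__ == "__main__":
    hosts = [f"db{i}.example.test" for i in range(20)]  # constructed host names
    print("per-connection builds:", per_connection_contexts(hosts)[0])
    print("shared-pool builds:   ", shared_contexts(hosts)[0])
```

Sharing the context does not relax verification: every connection inherits the same `CERT_REQUIRED` and hostname-checking settings, and only the expensive trust-store load is done once.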