[SERVER-59876] Large delays in returning from `libcrypto.so` while establishing egress connections Created: 10/Sep/21 Updated: 29/Oct/23 Resolved: 16/Sep/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | 4.2.8, 4.2.15 |
| Fix Version/s: | 4.2.17, 4.4.10, 5.0.4, 5.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Amirsaman Memaripour | Assignee: | Mark Benvenuto |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | Linux | ||||||||
| Backport Requested: |
v5.0, v4.4, v4.2, v4.0
|
||||||||
| Sprint: | Security 2021-09-20 | ||||||||
| Participants: | |||||||||
| Case: | (copied to CRM) | ||||||||
| Description |
|
Establishing egress connections on mongos servers may be delayed by seconds due to large delays in returning from libcrypto.so. The incidents are reported on r4.2.8 and r4.2.15, running mongos on RHEL 7 and using libcrypto.so.1.0.2k. |
| Comments |
| Comment by Githook User [ 21/Sep/21 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit f9383c046f2895f6622fe48f063ab3c174afcbb6) |
| Comment by Githook User [ 21/Sep/21 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit f9383c046f2895f6622fe48f063ab3c174afcbb6) |
| Comment by Githook User [ 16/Sep/21 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: (cherry picked from commit f9383c046f2895f6622fe48f063ab3c174afcbb6) |
| Comment by Githook User [ 16/Sep/21 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |
| Comment by Mark Benvenuto [ 13/Sep/21 ] |
|
SCRAM-SHA-* is expensive to compute, by design, which is why Mongo clients typically use a cache to mitigate some of the performance hit. Unfortunately, the client cache is not used for server -> server communication due to a bug in which the target host and port is not passed around to the cache. |