Big SSL/TLS connect performance regression in AmiSSL 5.x

[patrikaxelsson]

When adding AmiSSL 5.x compatibility to the aget download tool a while back, I noticed a big increase in download time when https was used.

Doing some comparisons with aget, alternating between AmiSSL 4.12 and 5.x, downloading both small and large files revealed that there is no significant difference in the actual download speed when it has started reading the data, but the test of small files indicates that the time needed to get to the state where payload data can be read has about doubled in AmiSSL 5.x compared to 4.12.

As this does not show what part/function of AmiSSL has changed, I wrote a tool to time every function needed to establish and shut down the SSL/TSL connection:
AmiSSLTest.zip

This test includes connecting to a server, so choosing different servers will affect the total time somewhat, but using the same server and comparing the results will give a more than consistent enough result to show the difference when the AmiSSL version is the only variable. Especially given how big the performance regression is.

Will be using the below test script to 1. show that apart from the first run where AmiSSL is loaded and initialized the first time, the total runtime of AmiSSLTest is consistent and 2. let the final run show the individual time spent for each AmiSSL function so the differenting ones can be spotted:

8.Ram Disk:AmiSSLTest> type testscript 
.key TESTHOSTNAME/A
Avail FLUSH >NIL:
Version amisslmaster.library
time AmiSSLTest "<TESTHOSTNAME>" 443 QUIET
time AmiSSLTest "<TESTHOSTNAME>" 443 QUIET
time AmiSSLTest "<TESTHOSTNAME>" 443 QUIET
time AmiSSLTest "<TESTHOSTNAME>" 443

All tests are done on a low-to-medium performance Amiga to make the differences more pronounced, unless otherwise noted. The machine in question is an A3000 030@25MHz with OS3.2.1. The AmiSSL installs are clean installs with each versions, so for example if if version amisslmaster.library says 5.4, it is 5.4 only.

So, lets begin with AmiSSL 4.12:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 4.12
7.639298s
5.629828s
5.623966s
OpenLibrary("amisslmaster.library", 4) = 072CD950              0.001168s
InitAmiSSLMaster(07, 0) = 1                                    0.000070s
OpenAmiSSL() = 0731568C                                        0.023669s
InitAmiSSL(80000001, 072E3FAC, 00000000) = 0                   0.000283s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.761269s
RAND_seed(072FB01E, 128)                                       0.104660s
SSL_CTX_new(TLS_client_method()) = 0732F0C4                    0.152073s
SSL_new(0732F0C4) = 074F179C                                   0.003418s
SSL_set_tlsext_host_name(074F179C, "megaburken.net") = 1       0.000242s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008632s
SSL_set_fd(074F179C, 0) = 1                                    0.000475s
SSL_connect(074F179C) = 1                                      2.990576s
SSL_get_version(074F179C) = "TLSv1.3"                          0.000091s
SSL_get_cipher(074F179C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000098s
SSL_shutdown(074F179C) = 0                                     0.010796s
SSL_free(074F179C)                                             0.041103s
SSL_CTX_free(0732F0C4)                                         0.002464s
CleanupAmiSSL(00000000)                                        0.004581s
CloseAmiSSL()                                                  0.454695s
CloseLibrary(072CD950)                                         0.000761s
5.737662s

And continue with AmiSSL 5.4 to represent 5.x:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.4
14.102209s
11.158764s
11.157023s
OpenLibrary("amisslmaster.library", 4) = 072BCE3C              0.001202s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 07315350                                        0.024985s
InitAmiSSL(80000001, 072BCC14, 00000000) = 0                   0.000310s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.563544s
RAND_seed(072FC406, 128)                                       2.597003s
SSL_CTX_new(TLS_client_method()) = 075CB7CC                    0.862419s
SSL_new(075CB7CC) = 0732F1B4                                   0.003077s
SSL_set_tlsext_host_name(0732F1B4, "megaburken.net") = 1       0.000249s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008260s
SSL_set_fd(0732F1B4, 0) = 1                                    0.000538s
SSL_connect(0732F1B4) = 1                                      5.212742s
SSL_get_version(0732F1B4) = "TLSv1.3"                          0.000077s
SSL_get_cipher(0732F1B4) = "TLS_CHACHA20_POLY1305_SHA256"      0.000098s
SSL_shutdown(0732F1B4) = 0                                     0.011745s
SSL_free(0732F1B4)                                             0.044788s
SSL_CTX_free(075CB7CC)                                         0.011497s
CleanupAmiSSL(00000000)                                        0.006130s
CloseAmiSSL()                                                  0.738755s
CloseLibrary(072BCE3C)                                         0.000764s
11.263834s

Or the results sorted by the largest 5.4 time - 4.12 time to get a better overview which function contributes most to the overall increase in time:

Function	4.12 time(s)	5.4 time(s)	5.4 time - 4.12 time	5.4 time / 4.12 time
RAND_seed	0.104660	2.597003	2.49	24.81
SSL_connect	2.990576	5.212742	2.22	1.74
SSL_CTX_new	0.152073	0.862419	0.71	5.67
CloseAmiSSL	0.454695	0.738755	0.28	1.62
SSL_CTX_free	0.002464	0.011497	0.01	4.67
SSL_shutdown	0.010796	0.011745	0.00	1.09
SSL_set_tlsext_host_name	0.000242	0.000249	0.00	1.03
SSL_set_fd	0.000475	0.000538	0.00	1.13
SSL_new	0.003418	0.003077	-0.00	0.90
SSL_get_version	0.000091	0.000077	-0.00	0.85
SSL_get_cipher	0.000098	0.000098	0.00	1.00
SSL_free	0.041103	0.044788	0.00	1.09
OpenLibrary	0.001168	0.001202	0.00	1.03
OpenAmiSSL	0.023669	0.024985	0.00	1.06
InitAmiSSLMaster	0.000070	0.000067	-0.00	0.96
InitAmiSSL	0.000283	0.000310	0.00	1.10
ConnectToServer	0.008632	0.008260	-0.00	0.96
CloseLibrary	0.000761	0.000764	0.00	1.00
CleanupAmiSSL	0.004581	0.006130	0.00	1.34
OPENSSL_init_ssl	1.761269	1.563544	-0.20	0.89

This shows that the biggest offenders in 5.4 are RAND_seed(), SSL_connect() and SSL_CTX_new(). Maybe the underlying issue is connected?

[Futaura]

Could you rerun the test with 5.3? Particularly for RAND_seed(). It is just that I did mess with everything that uses timer.device in 5.4, so maybe I broke something.

I'll try to find it later, but loading of certificates is slower - there is an issue open about it at OpenSSL somewhere (it is obvious to see when opening the CA certs page in IBrowse).

[patrikaxelsson]

AmiSSL 5.3:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.3
14.062799s
11.102567s
11.118127s
OpenLibrary("amisslmaster.library", 4) = 072BA354              0.001279s
InitAmiSSLMaster(15, 0) = 1                                    0.000070s
OpenAmiSSL() = 07311E00                                        0.026290s
InitAmiSSL(80000001, 072C378C, 00000000) = 0                   0.000303s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.602636s
RAND_seed(072F8F0E, 128)                                       2.548429s
SSL_CTX_new(TLS_client_method()) = 075C72FC                    0.832803s
SSL_new(075C72FC) = 0732BC6C                                   0.003092s
SSL_set_tlsext_host_name(0732BC6C, "megaburken.net") = 1       0.000249s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008645s
SSL_set_fd(0732BC6C, 0) = 1                                    0.000538s
SSL_connect(0732BC6C) = 1                                      5.219409s
SSL_get_version(0732BC6C) = "TLSv1.3"                          0.000077s
SSL_get_cipher(0732BC6C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0732BC6C) = 0                                     0.011511s
SSL_free(0732BC6C)                                             0.044592s
SSL_CTX_free(075C72FC)                                         0.011524s
CleanupAmiSSL(00000000)                                        0.005573s
CloseAmiSSL()                                                  0.742444s
CloseLibrary(072BA354)                                         0.000828s
11.236711s

Function	5.3 time(s)	5.4 time(s)	5.4 time - 5.3 time	5.4 time / 5.3 time
RAND_seed	2.548429	2.597003	0.05	1.02
SSL_CTX_new	0.832803	0.862419	0.03	1.04
SSL_shutdown	0.011511	0.011745	0.00	1.02
SSL_set_tlsext_host_name	0.000249	0.000249	0.00	1.00
SSL_set_fd	0.000538	0.000538	0.00	1.00
SSL_new	0.003092	0.003077	-0.00	1.00
SSL_get_version	0.000077	0.000077	0.00	1.00
SSL_get_cipher	0.000097	0.000098	0.00	1.01
SSL_free	0.044592	0.044788	0.00	1.00
SSL_CTX_free	0.011524	0.011497	-0.00	1.00
OpenLibrary	0.001279	0.001202	-0.00	0.94
OpenAmiSSL	0.026290	0.024985	-0.00	0.95
InitAmiSSLMaster	0.000070	0.000067	-0.00	0.96
InitAmiSSL	0.000303	0.000310	0.00	1.02
ConnectToServer	0.008645	0.008260	-0.00	0.96
CloseLibrary	0.000828	0.000764	-0.00	0.92
CloseAmiSSL	0.742444	0.738755	-0.00	1.00
CleanupAmiSSL	0.005573	0.006130	0.00	1.10
SSL_connect	5.219409	5.212742	-0.01	1.00
OPENSSL_init_ssl	1.602636	1.563544	-0.04	0.98

There appear to be no discernable difference.

Regarding certificates, at which point are those loaded? In this AmiSSLTest I am not doing any explicit certificate validation as you can see by the function calls.

I am wondering because if you compare the times between runs of AmiSSLTest in the testscript, you see that for 4.12 the difference between the first and second run is ~2s and with 5.4 and 5.3 it is ~3s. So wondering if just that added delay might have anything to do with the certificates.

The big offender for the first run is OpenAmiSSL() and it accounts for most of the 1s difference in the first run case:

4.12 OpenAmiSSL() for first and second run after cold:

8.Ram Disk:AmiSSLTest> avail flush >NIL: 
8.Ram Disk:AmiSSLTest> version amisslmaster.library 
amisslmaster.library 4.12
8.Ram Disk:AmiSSLTest> amissltest megaburken.net 443 | search OpenAmiSSL( NONUM 
OpenAmiSSL() = 07317A4C                                        1.879782s
8.Ram Disk:AmiSSLTest> amissltest megaburken.net 443 | search OpenAmiSSL( NONUM 
OpenAmiSSL() = 07317A4C                                        0.027656s

5.4 OpenAmiSSL() for first and second run after cold:

8.Ram Disk:AmiSSLTest> avail flush >NIL: 
8.Ram Disk:AmiSSLTest> version amisslmaster.library 
amisslmaster.library 5.4
8.Ram Disk:AmiSSLTest> amissltest megaburken.net 443 | search OpenAmiSSL( NONUM 
OpenAmiSSL() = 07317618                                        2.777094s
8.Ram Disk:AmiSSLTest> amissltest megaburken.net 443 | search OpenAmiSSL( NONUM 
OpenAmiSSL() = 07317618                                        0.023730s

[Futaura]

Each time you run amissltest, it gets its own AmiSSLBase (and own completely different OpenSSL instance), so the difference between first and second run can only really be the time it is taking for the OS to physically load amissl_v*.library from disk (the library is about 50% bigger in v5, IIRC, so that makes those times about right) and initialise the library.

I think certificates are only loaded as and when required, during the connection phase - that's partly why in AmiSSL we have a separate file for each certificate in AmiSSL:Certs, rather than a single .crt bundle file. The filenames are the hashes, so when OpenSSL needs to load a certificate, it calculates the hash, then knows which file it needs to look for. The certs in AmiSSL:Certs are actually duplicated - one copy with MD5 hashed names (to keep AmiSSL v1/v2/v3 happy) and one copy for SHA hashed names (as used by AmiSSL v4+). The issue I remembered about certificates is at openssl/openssl#16871 and I think it may have been mentioned before then too.

Thanks for the 5.3 test. At least I didn't break the random stuff in 5.4, but perhaps in 5.1! My main concern is with RAND_seed() at the moment, as nothing should have really changed there, at least in the Amiga specific code. I thought this would be the easiest to track down, but trying to figure out exactly what code is actually called by RAND_seed() is proving more difficult than expected.

[patrikaxelsson]

AmiSSL 5.1:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.1
15.171337s
12.216817s
12.223336s
OpenLibrary("amisslmaster.library", 4) = 072C77C4              0.001225s
InitAmiSSLMaster(15, 0) = 1                                    0.000069s
OpenAmiSSL() = 07316B80                                        0.025002s
InitAmiSSL(80000001, 072C759C, 00000000) = 0                   0.000305s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.605771s
RAND_seed(0730EAE6, 128)                                       2.686950s
SSL_CTX_new(TLS_client_method()) = 075C8CEC                    0.841910s
SSL_new(075C8CEC) = 075D1B84                                   0.003132s
SSL_set_tlsext_host_name(075D1B84, "megaburken.net") = 1       0.000245s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008377s
SSL_set_fd(075D1B84, 0) = 1                                    0.000554s
SSL_connect(075D1B84) = 1                                      6.181352s
SSL_get_version(075D1B84) = "TLSv1.3"                          0.000074s
SSL_get_cipher(075D1B84) = "TLS_CHACHA20_POLY1305_SHA256"      0.000093s
SSL_shutdown(075D1B84) = 0                                     0.011801s
SSL_free(075D1B84)                                             0.044579s
SSL_CTX_free(075C8CEC)                                         0.011027s
CleanupAmiSSL(00000000)                                        0.005672s
CloseAmiSSL()                                                  0.718180s
CloseLibrary(072C77C4)                                         0.000782s
12.325456s

Function	5.1 time(s)	5.4 time(s)	abs(5.4 time - 5.1 time)	5.4 time / 5.1 time
SSL_connect	6.181352	5.212742	0.97	0.84
RAND_seed	2.686950	2.597003	0.09	0.97
OPENSSL_init_ssl	1.605771	1.563544	0.04	0.97
SSL_CTX_new	0.841910	0.862419	0.02	1.02
CloseAmiSSL	0.718180	0.738755	0.02	1.03
SSL_shutdown	0.011801	0.011745	0.00	1.00
SSL_set_tlsext_host_name	0.000245	0.000249	0.00	1.02
SSL_set_fd	0.000554	0.000538	0.00	0.97
SSL_new	0.003132	0.003077	0.00	0.98
SSL_get_version	0.000074	0.000077	0.00	1.04
SSL_get_cipher	0.000093	0.000098	0.00	1.05
SSL_free	0.044579	0.044788	0.00	1.00
SSL_CTX_free	0.011027	0.011497	0.00	1.04
OpenLibrary	0.001225	0.001202	0.00	0.98
OpenAmiSSL	0.025002	0.024985	0.00	1.00
InitAmiSSLMaster	0.000069	0.000067	0.00	0.97
InitAmiSSL	0.000305	0.000310	0.00	1.02
ConnectToServer	0.008377	0.008260	0.00	0.99
CloseLibrary	0.000782	0.000764	0.00	0.98
CleanupAmiSSL	0.005672	0.006130	0.00	1.08

5.1 is actually slower than 5.4 with SSL_connect being the biggest offender. Did not find 5.0 amongst the releases, but if you provide it, I can test it.

[Futaura]

There was no public 5.1 version - 5.0 was only used during development and testing.

I still can't figure out what the difference is with RAND_seed() in OpenSSL 3.0. The Amiga-specific code (now in https://github.com/jens-maus/amissl/blob/0467dc10ef88e20245b979581f50ea8238cf91d6/openssl/providers/implementations/rands/seeding/rand_amiga.c) appears to still be ok, so I'm guessing OpenSSL 3.0 must be doing something different compared to 1.1.1.

If you call RAND_seed() twice in your test program, does the second call still take as long as the first? And have you tried the "OpenSSL rand" command?

[patrikaxelsson]

The the second and the following calls are fast:

8.Ram Disk:AmiSSLTest> version amisslmaster.library 
amisslmaster.library 5.4
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 QUIET 
14.151603s
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 QUIET 
11.149136s
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 QUIET 
11.140796s
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 NUMRANDSEED=4 
OpenLibrary("amisslmaster.library", 4) = 072CCAD4              0.001236s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 075A0AD8                                        0.025315s
InitAmiSSL(80000001, 072CD224, 00000000) = 0                   0.000310s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.556706s
RAND_seed(075988BE, 128)                                       2.539696s
RAND_seed(075988BE, 128)                                       0.038731s
RAND_seed(075988BE, 128)                                       0.039888s
RAND_seed(075988BE, 128)                                       0.037923s
SSL_CTX_new(TLS_client_method()) = 075D1194                    0.859191s
SSL_new(075D1194) = 075D9F54                                   0.009697s
SSL_set_tlsext_host_name(075D9F54, "megaburken.net") = 1       0.000245s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008972s
SSL_set_fd(075D9F54, 0) = 1                                    0.000538s
SSL_connect(075D9F54) = 1                                      5.219587s
SSL_get_version(075D9F54) = "TLSv1.3"                          0.000088s
SSL_get_cipher(075D9F54) = "TLS_CHACHA20_POLY1305_SHA256"      0.000094s
SSL_shutdown(075D9F54) = 0                                     0.012078s
SSL_free(075D9F54)                                             0.044555s
SSL_CTX_free(075D1194)                                         0.011487s
CleanupAmiSSL(00000000)                                        0.006081s
CloseAmiSSL()                                                  0.727844s
CloseLibrary(072CCAD4)                                         0.000793s
11.351742s

The size does not seem to matter, second and following time is still fast with a small size:

8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 NUMRANDSEED=4 RANDSEEDSIZE=16 
OpenLibrary("amisslmaster.library", 4) = 072CCAD4              0.001232s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 075A0AD8                                        0.024071s
InitAmiSSL(80000001, 072CD224, 00000000) = 0                   0.000312s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.562202s
RAND_seed(075988BE, 16)                                        2.530832s
RAND_seed(075988BE, 16)                                        0.030265s
RAND_seed(075988BE, 16)                                        0.031190s
RAND_seed(075988BE, 16)                                        0.029709s
SSL_CTX_new(TLS_client_method()) = 075D1194                    0.863059s
SSL_new(075D1194) = 075D9F54                                   0.003119s
SSL_set_tlsext_host_name(075D9F54, "megaburken.net") = 1       0.000246s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008699s
SSL_set_fd(075D9F54, 0) = 1                                    0.000537s
SSL_connect(075D9F54) = 1                                      5.213066s
SSL_get_version(075D9F54) = "TLSv1.3"                          0.000090s
SSL_get_cipher(075D9F54) = "TLS_CHACHA20_POLY1305_SHA256"      0.000095s
SSL_shutdown(075D9F54) = 0                                     0.014522s
SSL_free(075D9F54)                                             0.044231s
SSL_CTX_free(075D1194)                                         0.010970s
CleanupAmiSSL(00000000)                                        0.005803s
CloseAmiSSL()                                                  0.747354s
CloseLibrary(072CCAD4)                                         0.000789s
11.339606s

However, it does not make any change to the SSL_connect() time.

I have not tried the "OpenSSL rand" command, but here it is:

8.Ram Disk:AmiSSLTest> version amisslmaster.library 
amisslmaster.library 5.4
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 16 >NIL:" 
8.834680s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 16 >NIL:" 
6.094248s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 16 >NIL:" 
6.084461s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 256 >NIL:" 
6.116215s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 65536 >NIL:" 
7.802234s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 1048576 >NIL:" 
32.673294s

8.Ram Disk:AmiSSLTest> version amisslmaster.library 
amisslmaster.library 4.12
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 16 >NIL:" 
5.227866s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 16 >NIL:" 
3.246003s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 16 >NIL:" 
3.270027s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 256 >NIL:" 
3.338169s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 65536 >NIL:" 
4.885255s
8.Ram Disk:AmiSSLTest> time "AmiSSL:OpenSSL rand 1048576 >NIL:" 
28.391201s

Looks somewhat similar to the downloading times that got me started with this - initial time is a bit below doubled in 5.4 compared to 4.12, but it looks like the actual speed of random data generation is roughly the same:
5.4: 32.673294-6.084461=26.588833
4.12: 28.391201-3.270027=25.121174

Attaching updated test program - with source, Makefile and everything this time too, only needs a stock vbcc with m68k-amigaos target installed, wget, lha and make to build:
AmiSSLTest_20221019.zip

[Futaura]

Ok, so it must be some autoinit of something. Technically, you don't need to call OPENSSL_init_ssl or RAND_seed anymore in OpenSSL 3.0, as initialisation is done automatically as and when required, and it reseeds automatically too. That said, it will be interesting to find what RAND_seed is initialising that OPENSSL_init_ssl hasn't already.

[patrikaxelsson]

As I understood the docs, you have not needed to explicitly call OPENSSL_init_ssl and RAND_seed since OpenSSL 1.1.0. Btw, I added a 1MB test of "OpenSSL rand" to the previous post which was quite interesting.

[patrikaxelsson]

Btw, there is no reduction in total time by not calling OPENSSL_init_ssl and RAND_SEED:

8.Ram Disk:AmiSSLTest> version amisslmaster.library 
amisslmaster.library 5.4
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 NOOPENSSLINITSSL NUMRANDSEED=0 QUIET 
14.130562s
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 NOOPENSSLINITSSL NUMRANDSEED=0 QUIET 
11.141529s
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 NOOPENSSLINITSSL NUMRANDSEED=0 QUIET 
11.134120s
8.Ram Disk:AmiSSLTest> time AmiSSLTest megaburken.net 443 NOOPENSSLINITSSL NUMRANDSEED=0 
OpenLibrary("amisslmaster.library", 4) = 072BC94C              0.001182s
InitAmiSSLMaster(15, 0) = 1                                    0.000069s
OpenAmiSSL() = 07315D68                                        0.025262s
InitAmiSSL(80000001, 072D23EC, 00000000) = 0                   0.000305s
SSL_CTX_new(TLS_client_method()) = 07328164                    4.968068s
SSL_new(07328164) = 0732FBCC                                   0.003064s
SSL_set_tlsext_host_name(0732FBCC, "megaburken.net") = 1       0.000250s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008420s
SSL_set_fd(0732FBCC, 0) = 1                                    0.000549s
SSL_connect(0732FBCC) = 1                                      5.204611s
SSL_get_version(0732FBCC) = "TLSv1.3"                          0.000090s
SSL_get_cipher(0732FBCC) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0732FBCC) = 0                                     0.011679s
SSL_free(0732FBCC)                                             0.044736s
SSL_CTX_free(07328164)                                         0.012175s
CleanupAmiSSL(00000000)                                        0.007672s
CloseAmiSSL()                                                  0.767931s
CloseLibrary(072BC94C)                                         0.000734s
11.233146s

SSL_CTX_new takes the hit instead and SSL_connect is still taking the same time.

[Futaura]

Yes, as expected the inits just happen at different times. Somehow, I will eventually figure out what the extra initialisation is when calling RAND_init. It's a pity that AmiSSL can't be compiled with SAS/C anymore, as sprof would probably have made the answer obvious.

[Futaura]

After adding a bunch of debug output to see when the one-time initialisations are happening, I found that after your OPENSSL_init_ssl call, all that RAND_seed then initialises is the AmigaOS specific random stuff, which is basically just opening timer.device, which doesn't account for the 2.5sec delay. I guess it would be the same in AmiSSL 4.12 too. The random number generator did add two new methods (hash and hmac) in OpenSSL 3.0, but the default is ctr as per OpenSSL 1.1.1. So, it could be that the delay is RAND_seed filling the random buffer - either the initial buffer size has increased somewhat or the method used is more complex or just plain slower. That's what I'm going to investigate next anyway.

[Futaura]

Unfortunately, it is not so good news with RAND_seed - it's actually really nothing specifically related to the random code, but it triggers initialisation of lots of the provider stuff, whilst initialising the random number generator modules. So, there's no silver bullet, but hundreds of function calls before RAND_seed gets to the Amiga specific initialisation code - it's very hard to see any way of optimising that. It's also very hard for me to see this issue on my 68060, even after switching the caches off, but I could see a split second delay in the debug output which showed me where it was slowing down.

I'm curious if changing your AmiSSL:openssl.cnf file to contain only the following makes any difference whatsoever to speed:

openssl_conf = openssl_init
   
[openssl_init]
providers = provider_sect
   
[provider_sect]
default = default_sect
legacy = legacy_sect
   
[default_sect]
activate = 1
   
[legacy_sect]
activate = 1

The only thing left to look at is SSL_connect, although again it may just be the first time it is called that has the delay, due to intialisations. I guess we just have to hope that performance is improved in OpenSSL in future versions.

[patrikaxelsson]

Unfortunately, there is no change with the minimalistic openssl.cnf:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.4
14.089600s
11.158946s
11.192785s
OpenLibrary("amisslmaster.library", 4) = 072D2F3C              0.001217s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 07315A28                                        0.023984s
InitAmiSSL(80000001, 072FC98C, 00000000) = 0                   0.000301s
OPENSSL_init_ssl(0020000E, 0) = 1                              0.834569s
RAND_seed(072FC416, 128)                                       2.989415s
SSL_CTX_new(TLS_client_method()) = 075D7764                    0.897725s
SSL_new(075D7764) = 0732D864                                   0.003336s
SSL_set_tlsext_host_name(0732D864, "megaburken.net") = 1       0.000246s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008811s
SSL_set_fd(0732D864, 0) = 1                                    0.000534s
SSL_connect(0732D864) = 1                                      5.435512s
SSL_get_version(0732D864) = "TLSv1.3"                          0.000076s
SSL_get_cipher(0732D864) = "TLS_CHACHA20_POLY1305_SHA256"      0.000087s
SSL_shutdown(0732D864) = 0                                     0.011851s
SSL_free(0732D864)                                             0.044713s
SSL_CTX_free(075D7764)                                         0.011429s
CleanupAmiSSL(00000000)                                        0.006181s
CloseAmiSSL()                                                  0.833784s
CloseLibrary(072D2F3C)                                         0.000765s
11.286787s

When doing several connects, SSL_connect is slightly faster after the first time, but not much:

OpenLibrary("amisslmaster.library", 4) = 072B5AB4              0.001329s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 075C9F68                                        0.028899s
InitAmiSSL(80000001, 072FC98C, 00000000) = 0                   0.000307s
OPENSSL_init_ssl(0020000E, 0) = 1                              0.830452s
RAND_seed(072EDF26, 128)                                       3.009464s
SSL_CTX_new(TLS_client_method()) = 075F65CC                    0.888679s
SSL_new(075F65CC) = 0732D98C                                   0.003133s
SSL_set_tlsext_host_name(0732D98C, "megaburken.net") = 1       0.000248s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008610s
SSL_set_fd(0732D98C, 0) = 1                                    0.000548s
SSL_connect(0732D98C) = 1                                      5.412723s
SSL_get_version(0732D98C) = "TLSv1.3"                          0.000077s
SSL_get_cipher(0732D98C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000100s
SSL_shutdown(0732D98C) = 0                                     0.011631s
SSL_free(0732D98C)                                             0.044713s
SSL_new(075F65CC) = 0732D98C                                   0.003137s
SSL_set_tlsext_host_name(0732D98C, "megaburken.net") = 1       0.000249s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008493s
SSL_set_fd(0732D98C, 0) = 1                                    0.000546s
SSL_connect(0732D98C) = 1                                      4.866268s
SSL_get_version(0732D98C) = "TLSv1.3"                          0.000077s
SSL_get_cipher(0732D98C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0732D98C) = 0                                     0.011940s
SSL_free(0732D98C)                                             0.045047s
SSL_new(075F65CC) = 0732D98C                                   0.003133s
SSL_set_tlsext_host_name(0732D98C, "megaburken.net") = 1       0.000248s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008218s
SSL_set_fd(0732D98C, 0) = 1                                    0.000546s
SSL_connect(0732D98C) = 1                                      4.846900s
SSL_get_version(0732D98C) = "TLSv1.3"                          0.000077s
SSL_get_cipher(0732D98C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000098s
SSL_shutdown(0732D98C) = 0                                     0.011659s
SSL_free(0732D98C)                                             0.044775s
SSL_CTX_free(075F65CC)                                         0.011518s
CleanupAmiSSL(00000000)                                        0.006511s
CloseAmiSSL()                                                  0.844585s
CloseLibrary(072B5AB4)                                         0.000879s

[patrikaxelsson]

Actually, I noticed that with the minimal openssl.cnf, OPENSSL_init_ssl is faster, but RAND_seed is slower and it looks like SSL_connect is a bit slower too.

Total time is unchanged, which is what I was looking at.

For the record, the multiple-connect test was using the minimal openssl.cnf also.

[patrikaxelsson]

If I re-run the multiple-connect tests with the original openssl.cnf, SSL_connect is actually also faster for each repeated run than with the minimal openssl.cnf, very interesting:

8.Ram Disk:AmiSSLTest> AmiSSLTest megaburken.net 443 NUMSSLCONNECT=3 
OpenLibrary("amisslmaster.library", 4) = 072BA404              0.167006s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 07324648                                        2.692918s
InitAmiSSL(80000001, 072FC98C, 00000000) = 0                   0.000304s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.520888s
RAND_seed(072EF9FE, 128)                                       2.554526s
SSL_CTX_new(TLS_client_method()) = 075D943C                    0.856734s
SSL_new(075D943C) = 0730A164                                   0.003129s
SSL_set_tlsext_host_name(0730A164, "megaburken.net") = 1       0.000245s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.248157s
SSL_set_fd(0730A164, 0) = 1                                    0.000555s
SSL_connect(0730A164) = 1                                      5.210034s
SSL_get_version(0730A164) = "TLSv1.3"                          0.000074s
SSL_get_cipher(0730A164) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0730A164) = 0                                     0.011817s
SSL_free(0730A164)                                             0.045049s
SSL_new(075D943C) = 0730A164                                   0.003139s
SSL_set_tlsext_host_name(0730A164, "megaburken.net") = 1       0.000245s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008463s
SSL_set_fd(0730A164, 0) = 1                                    0.000556s
SSL_connect(0730A164) = 1                                      4.699763s
SSL_get_version(0730A164) = "TLSv1.3"                          0.000074s
SSL_get_cipher(0730A164) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0730A164) = 0                                     0.011859s
SSL_free(0730A164)                                             0.045976s
SSL_new(075D943C) = 0730A164                                   0.003139s
SSL_set_tlsext_host_name(0730A164, "megaburken.net") = 1       0.000245s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008272s
SSL_set_fd(0730A164, 0) = 1                                    0.000555s
SSL_connect(0730A164) = 1                                      4.681868s
SSL_get_version(0730A164) = "TLSv1.3"                          0.000074s
SSL_get_cipher(0730A164) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0730A164) = 0                                     0.011796s
SSL_free(0730A164)                                             0.044117s
SSL_CTX_free(075D943C)                                         0.012499s
CleanupAmiSSL(00000000)                                        0.005981s
CloseAmiSSL()                                                  0.738846s
CloseLibrary(072BA404)                                         0.000930s

[Futaura]

You could try maybe deactivating the legacy provider in openssl.cnf, as I think maybe your test program will only need the default provider, although it still might not make any difference.

The only good news is at least others are noticing and reporting specific performance issues (https://github.com/openssl/openssl/issues?q=is%3Aissue+is%3Aopen+performance) and it seems some are already fixed, but will maybe not reach us until OpenSSL 3.1.

[patrikaxelsson]

Noticed that you made some rand seed changes in the 5.5 release notes, so made a test to see if it made any difference:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.5
14.107633s
11.153515s
11.156689s
OpenLibrary("amisslmaster.library", 4) = 072CA2A4              0.001260s
InitAmiSSLMaster(15, 0) = 1                                    0.000070s
OpenAmiSSL() = 0731F3B8                                        0.025831s
InitAmiSSL(80000001, 072CA07C, 00000000) = 0                   0.000318s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.581124s
RAND_seed(073062DE, 128)                                       2.336268s
SSL_CTX_new(TLS_client_method()) = 075D24BC                    1.112533s
SSL_new(075D24BC) = 0733921C                                   0.003077s
SSL_set_tlsext_host_name(0733921C, "megaburken.net") = 1       0.000248s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008304s
SSL_set_fd(0733921C, 0) = 1                                    0.000541s
SSL_connect(0733921C) = 1                                      5.212244s
SSL_get_version(0733921C) = "TLSv1.3"                          0.000090s
SSL_get_cipher(0733921C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(0733921C) = 0                                     0.011848s
SSL_free(0733921C)                                             0.062175s
SSL_CTX_free(075D24BC)                                         0.010892s
CleanupAmiSSL(00000000)                                        0.005826s
CloseAmiSSL()                                                  0.746911s
CloseLibrary(072CA2A4)                                         0.000813s
11.307881s

Function	5.4 time(s)	5.5 time(s)	abs(5.5 time - 5.4 time)	5.5 time / 5.4 time
RAND_seed	2.597003	2.336268	0.260735	0.90
SSL_CTX_new	0.862419	1.112533	0.250114	1.29
OPENSSL_init_ssl	1.563544	1.581124	0.017580	1.01
SSL_free	0.044788	0.062175	0.017387	1.39
CloseAmiSSL	0.738755	0.746911	0.008156	1.01
OpenAmiSSL	0.024985	0.025831	0.000846	1.03
SSL_CTX_free	0.011497	0.010892	0.000605	0.95
SSL_connect	5.212742	5.212244	0.000498	1.00
CleanupAmiSSL	0.006130	0.005826	0.000304	0.95
SSL_shutdown	0.011745	0.011848	0.000103	1.01
OpenLibrary	0.001202	0.001260	0.000058	1.05
CloseLibrary	0.000764	0.000813	0.000049	1.06
ConnectToServer	0.008260	0.008304	0.000044	1.01
SSL_get_version	0.000077	0.000090	0.000013	1.17
InitAmiSSL	0.000310	0.000318	0.000008	1.03
SSL_set_fd	0.000538	0.000541	0.000003	1.01
InitAmiSSLMaster	0.000067	0.000070	0.000003	1.04
SSL_set_tlsext_host_name	0.000249	0.000248	0.000001	1.00
SSL_get_cipher	0.000098	0.000097	0.000001	0.99
SSL_new	0.003077	0.003077	0.000000	1.00

RAND_seed() is measurably faster now, but SSL_CTX_new() is equally as much slower for some unknown reason so the total time is more or less identical.

[Futaura]

Yes, most likely some of the indirect initialisation simply moved. The seed code used to call SHA256() which will have triggered some initialisation. Now it is not used, so that initialisation happens later, when needed.

The seed code yielded mostly non-random code here as it measured the time difference between DoIO calls, which tended to always be the same after the first few calls. Only running SHA over it made it seem more random random. Probably made sense for OpenSSL 0.9.7, but not since all the rand stuff changed quite a while ago and will hash it anyway.

Let's hope OpenSSL 3.1 is ready soon, as it seems that does already fix some speed issues.

[Futaura]

@patrikaxelsson I would be interested in your test results using the following:

AmiSSL-5.8-OS3-rc1.zip

Even on my 68060, there was a measurable performance increase, albeit small, using your test program compared with 5.7. There are two reasons. Firstly, OpenSSL 3.1 contains some performance improvements. These alone tested faster on my 68060. I then also added atomic assembly operations, which replaces Exec semaphore protection used in previous versions - this also increased performance a little.

I'm hoping this is almost ready to go. I'm just letting the IBrowse beta testers try it first, as there is a chance I could have broken the multithreading stuff. I also just need to work through all the OpenSSL 3.1 changes to make sure I didn't miss anything.

[patrikaxelsson]

I am apparently lagging behind on the benchmarking, so will have to do 5.7 first :)

7.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.7
14.087131s
11.116933s
11.096676s
OpenLibrary("amisslmaster.library", 4) = 072FAB34              0.001158s
InitAmiSSLMaster(15, 0) = 1                                    0.000066s
OpenAmiSSL() = 0734A190                                        0.026775s
InitAmiSSL(80000001, 072FA834, 00000000) = 0                   0.000315s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.624266s
RAND_seed(073310B6, 128)                                       2.252949s
SSL_CTX_new(TLS_client_method()) = 075FCB54                    1.093511s
SSL_new(075FCB54) = 07608A2C                                   0.003349s
SSL_set_tlsext_host_name(07608A2C, "megaburken.net") = 1       0.000239s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008765s
SSL_set_fd(07608A2C, 0) = 1                                    0.000576s
SSL_connect(07608A2C) = 1                                      5.198793s
SSL_get_version(07608A2C) = "TLSv1.3"                          0.000074s
SSL_get_cipher(07608A2C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000097s
SSL_shutdown(07608A2C) = 0                                     0.011696s
SSL_free(07608A2C)                                             0.048842s
SSL_CTX_free(075FCB54)                                         0.011669s
CleanupAmiSSL(00000000)                                        0.006352s
CloseAmiSSL()                                                  0.756434s
CloseLibrary(072FAB34)                                         0.000716s
11.247836s

Then 5.8-rc1:

7.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.8
12.382311s
9.499765s
9.500984s
OpenLibrary("amisslmaster.library", 4) = 072FAAE4              0.001202s
InitAmiSSLMaster(15, 0) = 1                                    0.000069s
OpenAmiSSL() = 0734BC78                                        0.025148s
InitAmiSSL(80000001, 0732FBCC, 00000000) = 0                   0.000582s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.560347s
RAND_seed(07343A5E, 128)                                       2.055813s
SSL_CTX_new(TLS_client_method()) = 07604734                    0.946054s
SSL_new(07604734) = 0761027C                                   0.003816s
SSL_set_tlsext_host_name(0761027C, "megaburken.net") = 1       0.000239s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008892s
SSL_set_fd(0761027C, 0) = 1                                    0.000518s
SSL_connect(0761027C) = 1                                      4.055816s
SSL_get_version(0761027C) = "TLSv1.3"                          0.000077s
SSL_get_cipher(0761027C) = "TLS_CHACHA20_POLY1305_SHA256"      0.000091s
SSL_shutdown(0761027C) = 0                                     0.011508s
SSL_free(0761027C)                                             0.041673s
SSL_CTX_free(07604734)                                         0.010676s
CleanupAmiSSL(00000000)                                        0.005217s
CloseAmiSSL()                                                  0.711892s
CloseLibrary(072FAAE4)                                         0.000755s
9.626512s

Function	5.7 time(s)	5.8 time(s)	abs(5.8 time - 5.7 time)	5.8 time / 5.7 time
SSL_connect	5.198793	4.055816	1.142977	0.78
RAND_seed	2.252949	2.055813	0.197136	0.91
SSL_CTX_new	1.093511	0.946054	0.147457	0.87
OPENSSL_init_ssl	1.624266	1.560347	0.063919	0.96
CloseAmiSSL	0.756434	0.711892	0.044542	0.94
SSL_free	0.048842	0.041673	0.007169	0.85
OpenAmiSSL	0.026775	0.025148	0.001627	0.94
CleanupAmiSSL	0.006352	0.005217	0.001135	0.82
SSL_CTX_free	0.011669	0.010676	0.000993	0.91
SSL_new	0.003349	0.003816	0.000467	1.14
InitAmiSSL	0.000315	0.000582	0.000267	1.85
SSL_shutdown	0.011696	0.011508	0.000188	0.98
ConnectToServer	0.008765	0.008892	0.000127	1.01
SSL_set_fd	0.000576	0.000518	0.000058	0.90
OpenLibrary	0.001158	0.001202	0.000044	1.04
CloseLibrary	0.000716	0.000755	0.000039	1.05
SSL_get_cipher	0.000097	0.000091	0.000006	0.94
SSL_get_version	0.000074	0.000077	0.000003	1.04
InitAmiSSLMaster	0.000066	0.000069	0.000003	1.05
SSL_set_tlsext_host_name	0.000239	0.000239	0.000000	1.00

Nice - big improvement in SSL_connect, and measurable improvements in RAND_seed and SSL_CTX_new.

[patrikaxelsson]

Also, lets compare the above 5.8-rc1 result against a run of 4.12 to see current status of the regression:

7.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 4.12
7.618538s
5.676046s
5.673613s
OpenLibrary("amisslmaster.library", 4) = 072FA450              0.001103s
InitAmiSSLMaster(07, 0) = 1                                    0.000067s
OpenAmiSSL() = 0734BD84                                        0.023734s
InitAmiSSL(80000001, 0730FB34, 00000000) = 0                   0.000298s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.806961s
RAND_seed(07331996, 128)                                       0.106617s
SSL_CTX_new(TLS_client_method()) = 07365394                    0.144940s
SSL_new(07365394) = 075271F4                                   0.003345s
SSL_set_tlsext_host_name(075271F4, "megaburken.net") = 1       0.000242s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008641s
SSL_set_fd(075271F4, 0) = 1                                    0.000479s
SSL_connect(075271F4) = 1                                      3.011151s
SSL_get_version(075271F4) = "TLSv1.3"                          0.000088s
SSL_get_cipher(075271F4) = "TLS_CHACHA20_POLY1305_SHA256"      0.000094s
SSL_shutdown(075271F4) = 0                                     0.010729s
SSL_free(075271F4)                                             0.039970s
SSL_CTX_free(07365394)                                         0.002475s
CleanupAmiSSL(00000000)                                        0.004554s
CloseAmiSSL()                                                  0.453150s
CloseLibrary(072FA450)                                         0.000690s
5.801682s

Function	4.12 time(s)	5.8 time(s)	abs(5.8 time - 4.12 time)	5.8 time / 4.12 time
RAND_seed	0.106617	2.055813	1.949196	19.28
SSL_connect	3.011151	4.055816	1.044665	1.35
SSL_CTX_new	0.144940	0.946054	0.801114	6.53
CloseAmiSSL	0.453150	0.711892	0.258742	1.57
OPENSSL_init_ssl	1.806961	1.560347	0.246614	0.86
SSL_CTX_free	0.002475	0.010676	0.008201	4.31
SSL_free	0.039970	0.041673	0.001703	1.04
OpenAmiSSL	0.023734	0.025148	0.001414	1.06
SSL_shutdown	0.010729	0.011508	0.000779	1.07
CleanupAmiSSL	0.004554	0.005217	0.000663	1.15
SSL_new	0.003345	0.003816	0.000471	1.14
InitAmiSSL	0.000298	0.000582	0.000284	1.95
ConnectToServer	0.008641	0.008892	0.000251	1.03
OpenLibrary	0.001103	0.001202	0.000099	1.09
CloseLibrary	0.000690	0.000755	0.000065	1.09
SSL_set_fd	0.000479	0.000518	0.000039	1.08
SSL_get_version	0.000088	0.000077	0.000011	0.88
SSL_set_tlsext_host_name	0.000242	0.000239	0.000003	0.99
SSL_get_cipher	0.000094	0.000091	0.000003	0.97
InitAmiSSLMaster	0.000067	0.000069	0.000002	1.03

When comparing to the difference seen from 4.12->5.3 - RAND_seed, SSL_connect and SSL_CTX_new are still the biggest offenders, but all of them have improved and SSL_connect has improved the most, followed by RAND_seed and last SSL_CTX_new.

[Futaura]

Thanks for that - glad to see the improvements have had a positive impact on performance. Fortunately, others often report performance regressions to the OpenSSL team and when they eventually get fixed, it will of course benefit slower systems the most. It is a bit hard to trace exactly what the performance improvements were in OpenSSL 3.1, although I did note that one of them is only a partial fix - presumably, more speed to come from that later.

I will hopefully release AmiSSL 5.8 later this coming week - so far, the semaphore->atomic switch appears to be working correctly.

[patrikaxelsson]

Figured I should do a comparison of 5.8-rc1 -> 5.12 to get a current measurement:

8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.12
12.922633s
9.379419s
9.378738s
OpenLibrary("amisslmaster.library", 4) = 07382034              0.001511s
InitAmiSSLMaster(15, 0) = 1                                    0.000067s
OpenAmiSSL() = 076B5A10                                        0.026198s
InitAmiSSL(80000001, 073DABEC, 00000000) = 0                   0.000308s
OPENSSL_init_ssl(0020000E, 0) = 1                              1.552506s
RAND_seed(073F26C6, 128)                                       2.037369s
SSL_CTX_new(TLS_client_method()) = 076D230C                    0.925524s
SSL_new(076D230C) = 076DDE54                                   0.003119s
SSL_set_tlsext_host_name(076DDE54, "megaburken.net") = 1       0.000238s
ConnectToServer("megaburken.net", 443, 10) = 0                 0.008744s
SSL_set_fd(076DDE54, 0) = 1                                    0.000521s
SSL_connect(076DDE54) = 1                                      3.980525s
SSL_get_version(076DDE54) = "TLSv1.3"                          0.000076s
SSL_get_cipher(076DDE54) = "TLS_CHACHA20_POLY1305_SHA256"      0.000088s
SSL_shutdown(076DDE54) = 0                                     0.011302s
SSL_free(076DDE54)                                             0.044292s
SSL_CTX_free(076D230C)                                         0.010774s
CleanupAmiSSL(00000000)                                        0.005408s
CloseAmiSSL()                                                  0.718203s
CloseLibrary(07382034)                                         0.000910s
9.507006s

Function	5.8 time(s)	5.12 time(s)	abs(5.12 time - 5.8 time)	5.12 time / 5.8 time
SSL_connect	4.045652	3.980525	0.065127	0.98
SSL_CTX_new	0.947431	0.925524	0.021907	0.98
CloseAmiSSL	0.734340	0.718203	0.016137	0.98
RAND_seed	2.023541	2.037369	0.013828	1.01
OPENSSL_init_ssl	1.546088	1.552506	0.006418	1.00
OpenAmiSSL	0.032160	0.026198	0.005962	0.81
SSL_free	0.041702	0.044292	0.002590	1.06
CleanupAmiSSL	0.007440	0.005408	0.002032	0.73
SSL_CTX_free	0.010107	0.010774	0.000667	1.07
SSL_shutdown	0.011773	0.011302	0.000471	0.96
ConnectToServer	0.008941	0.008744	0.000197	0.98
OpenLibrary	0.001550	0.001511	0.000039	0.97
CloseLibrary	0.000941	0.000910	0.000031	0.97
SSL_new	0.003135	0.003119	0.000016	0.99
SSL_set_fd	0.000531	0.000521	0.000010	0.98
InitAmiSSL	0.000303	0.000308	0.000005	1.02
SSL_get_cipher	0.000084	0.000088	0.000004	1.05
SSL_set_tlsext_host_name	0.000241	0.000238	0.000003	0.99
SSL_get_version	0.000076	0.000076	0.000000	1.00
InitAmiSSLMaster	0.000067	0.000067	0.000000	1.00

A slight bit faster at connecting again and again compared to 5.8-rc1, but pretty much the same.

[patrikaxelsson]

A general performance tip when on a 68030 system: don't use mmu.library unless you use some software that needs it, or you use it to avoid issues with the combination of the 68030 and some expansion boards like the C= bridge boards.

Above test without mmu.library:

8.Ram Disk:AmiSSLTest> version mmu.library 
kan ej finna objektet
8.Ram Disk:AmiSSLTest> testscript megaburken.net 
amisslmaster.library 5.12
11.576430s
8.498468s
8.474756s
...
...

A ~11% performance increase in repeated connection time (~9.4s -> ~8.5s) simply by not loading mmu.library.

For reference - all the above test since the start of this thread has been with mmu.library enabled, so will continue to do so to be consistent.

[Futaura]

Thanks for the update - next big test will be OpenSSL 3.2, which is now in beta testing, so I expect not too far from release.