envoyproxy/envoy

possible optimization: repetitive private key reads

Open

#20,045 创建于 2022年2月18日

在 GitHub 查看
 (5 评论) (0 反应) (0 负责人)C++ (5,373 fork)batch import
area/perfarea/tlsenhancementhelp wanted

仓库指标

Star
 (27,997 star)
PR 合并指标
 (平均合并 8天) (30 天内合并 378 个 PR)

描述

Title: possible optimization: repetitive private key reads

Description: When investigating https://github.com/envoyproxy/envoy/issues/19774, I found another area that may be improved (possibly). Currently, for each cluster/listener, we do a full boringssl processing of the same key/cert pair (I think). This ends up being fairly expensive at scale. With a large number of clusters, startup time is decreased from 5.5s to 4.5s in my tests when using 2048 bit RSA keys vs ECDSA keys (since they are cheaper to process).

RSA: 2022-18-02_09-39-12

ECDSA: 2022-18-02_09-39-03

I know very little about boringssl or the lifecycles here, but my naive thought is that it could be read once and shared among each cluster

cc @lambdai

贡献者指南