[Bug 1768112] Re: 7.47.0-1ubuntu2.2 is much slower than 7.22.0-3ubuntu4.17 for https
Shawn Zhou
1768112 at bugs.launchpad.net
Mon Apr 30 18:45:27 UTC 2018
strace output of curl 7.22.0
** Attachment added: "curl_7.22.0_strace.txt"
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1768112/+attachment/5130960/+files/curl_7.22.0_strace.txt
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1768112
Title:
7.47.0-1ubuntu2.2 is much slower than 7.22.0-3ubuntu4.17 for https
Status in curl package in Ubuntu:
New
Bug description:
curl-7.47.0-1ubuntu2.2 spent lots of time reading CA certs before
sending "client hello"; on the other hand, curl 7.22.0 didn't spend
time reading CA certs before a "client hello", and after "server hello"
was received it only read a few CA certs. This made a significant
difference in terms of response time between 7.22.0 and 7.47.0.
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"
$ dpkg -l curl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============================================-============================-============================-=================================================================================================
ii curl 7.47.0-1ubuntu2.2 amd64 command line tool for transferring data with URL syntax
$ curl -w "@curl-format.txt" https://170.199.194.0:4443/@p1/heartbeat/ -k -s -o /dev/null
time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.009
time_pretransfer: 0.009
time_redirect: 0.000
time_starttransfer: 0.011
----------
time_total: 0.011
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
$ dpkg -l curl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============================================-==============================================-============================================================================================================
ii curl 7.22.0-3ubuntu4.17 Get a file from an HTTP, HTTPS or FTP server
$ curl -w "@curl-format.txt" https://170.199.194.0:4443/@p1/heartbeat/ -k -s -o /dev/null
time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.256
time_pretransfer: 0.256
time_redirect: 0.000
time_starttransfer: 0.257
----------
time_total: 0.257
The problem was that when curl-7.47.0 was compiled with gnutls and with --with-ca-path=/etc/ssl/certs, it would read all certificates from the path before sending client hello; on the other hand, when it's compiled with libssl, it's fine. I checked the build options for 7.22.0-3ubuntu4.17; only --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt was used.
curl built with gnutls with --with-ca-bundle and without --with-ca-path
was still slower than the build with libssl.
What needs to be done to build 7.47.0 with similar response time for
https as 7.22.0?
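An added example, not part of the original bug report or its attachments: one way to check a `strace -tt` capture for the behaviour described above, by counting CA files opened under /etc/ssl/certs before the first write on the TLS socket and timing the gap since connect(). The sample trace and file names are constructed, the function name is hypothetical, and it assumes no `-f` prefix and that the first AF_INET/AF_INET6 connect() is the HTTPS connection (true when the URL is an IP address, as in the report).

```python
import re
from datetime import datetime

# Constructed `strace -tt` excerpt (illustrative only, not the attached trace).
SAMPLE = r"""
18:45:01.000100 connect(3, {sa_family=AF_INET, sin_port=htons(4443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
18:45:01.001000 open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 4
18:45:01.050000 open("/etc/ssl/certs/aaaa0001.0", O_RDONLY) = 4
18:45:01.120000 openat(AT_FDCWD, "/etc/ssl/certs/aaaa0002.0", O_RDONLY) = 4
18:45:01.240000 sendto(3, "\26\3\1"..., 214, 0, NULL, 0) = 214
18:45:01.250000 open("/etc/ssl/certs/aaaa0003.0", O_RDONLY) = 4
"""

LINE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+) (\w+)\((.*)$')
QUOTED = re.compile(r'"([^"]+)"')
SEND_CALLS = {"write", "writev", "send", "sendto", "sendmsg"}


def certs_before_client_hello(trace, ca_dir="/etc/ssl/certs"):
    """Return CA-file opens and seconds elapsed between connect() and the
    first write on that socket (the ClientHello), or None if not found."""
    sock_fd = connect_ts = None
    cert_opens = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, signals, unfinished calls
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        call, args = m.group(2), m.group(3)
        first_arg = args.split(",", 1)[0].strip()
        if call == "connect" and sock_fd is None and "AF_INET" in args:
            # Non-blocking connect returns EINPROGRESS; the fd is still ours.
            sock_fd, connect_ts = first_arg, ts
        elif call in ("open", "openat"):
            path = QUOTED.search(args)
            if path and path.group(1).startswith(ca_dir + "/"):
                cert_opens.append(path.group(1))
        elif call in SEND_CALLS and sock_fd is not None and first_arg == sock_fd:
            return {"cert_opens": len(cert_opens),
                    "delay_s": (ts - connect_ts).total_seconds()}
    return None


if __name__ == "__main__":
    print(certs_before_client_hello(SAMPLE))
```

Running this over traces from a `--with-ca-path` build and a `--with-ca-bundle` build makes the difference in file opens before the handshake directly comparable.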