Sunday, January 3, 2016

The performance of TLS with MySQL Connector/Python

I've ran a simple test to see the performance impact of TLS on MySQL connections with MySQL Connector/Python

The test results are in this Jupyter notebook.

TL;DR:
  • Try to reuse connections if you use TLS
  • Establishing TLS connections is expensive (server & client)
  • Improved performance might be possible in the future by using TLS Tickets
Not tested:
  • Difference between YaSSL and OpenSSL
  • Difference between Ciphersuites
  • Performance of larger resultsets and queries

6 comments:

  1. Hejhej Daniël,

    Thanks for this blog post! Good to know what can make a difference while using TLS.

    At the beginning of your test you mention that the current versions of MySQL do not support SSL at all. Does this not contradict the documentation of MySQL itself. see link: https://dev.mysql.com/doc/refman/5.5/en/using-secure-connections.html

    ReplyDelete
    Replies
    1. Yes the documentation is not really clear on that.

      But from the code:
      https://github.com/mysql/mysql-server/blob/5.5/vio/viosslfactories.c#L225
      https://github.com/mysql/mysql-server/blob/5.6/vio/viosslfactories.c#L228
      https://github.com/mysql/mysql-server/blob/5.7/vio/viosslfactories.c#L534

      So both 5.5 and 5.6 use TLSv1_server_method() which only does TLSv1.0

      MySQL 5.7 (since 5.7.10 iirc) uses SSLv23_server_method which can currently do SSLv2, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 (TLSv1.2 only with OpenSSL, not with YaSSL). But as SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 are set it won't do SSLv2 or SSLv3.

      The main issue is that many still refer to TLS as SSL...

      Delete
    2. https://bugs.mysql.com/bug.php?id=79832

      Delete
    3. Looks like 5.0 and 5.1 also only supported TLSv1.0

      Delete