The test results are in this Jupyter notebook.
TL;DR:
- Try to reuse connections if you use TLS
- Establishing TLS connections is expensive (server & client)
- Improved performance might be possible in the future by using TLS Tickets
- Difference between YaSSL and OpenSSL
- Difference between Ciphersuites
- Performance of larger resultsets and queries
Hejhej Daniël,
ReplyDeleteThanks for this blog post! Good to know what can make a difference while using TLS.
At the beginning of your test you mention that the current versions of MySQL do not support SSL at all. Does this not contradict the documentation of MySQL itself. see link: https://dev.mysql.com/doc/refman/5.5/en/using-secure-connections.html
Yes the documentation is not really clear on that.
DeleteBut from the code:
https://github.com/mysql/mysql-server/blob/5.5/vio/viosslfactories.c#L225
https://github.com/mysql/mysql-server/blob/5.6/vio/viosslfactories.c#L228
https://github.com/mysql/mysql-server/blob/5.7/vio/viosslfactories.c#L534
So both 5.5 and 5.6 use TLSv1_server_method() which only does TLSv1.0
MySQL 5.7 (since 5.7.10 iirc) uses SSLv23_server_method which can currently do SSLv2, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2 (TLSv1.2 only with OpenSSL, not with YaSSL). But as SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 are set it won't do SSLv2 or SSLv3.
The main issue is that many still refer to TLS as SSL...
https://bugs.mysql.com/bug.php?id=79832
DeleteLooks like 5.0 and 5.1 also only supported TLSv1.0
DeleteThnx Daniël!
ReplyDelete