HTTPS handshake performance

[sebastienros]

We detected a regression on the Connection Close HTTPS scenario, which hits Plaintext with "Connection: Close" header in order to simulate an https handshake.

The regression is only Linux, and is due to updating an expired self-signed test certificate to a valid one.

Benchmark	RPS
Windows	15,000
Linux - Expired cert.	7,500
Linux - Valid cert.	2,000

Note that these results are identical on both net5.0 and net6.0. We then measured the same scenario on NodeJS, with both certificates, and got identical results of 20,000 RPS.

We took traces for Linux on net6.0 that are available here (nettrace format):

• with valid cert
• with expired cert

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

---

We detected a regression on the Connection Close HTTPS scenario, which hits Plaintext with "Connection: Close" header in order to simulate an https handshake.

The regression is only Linux, and is due to updating an expired self-signed test certificate to a valid one.

Benchmark	RPS
Windows	15,000
Linux - Invalid cert.	7,500
Linux - Valid cert.	2,000

Note that these results are identical on both net5.0 and net6.0. We then measured the same scenario on NodeJS, with both certificates, and got identical results of 20K RPS.

We took traces for Linux on net6.0 that are available here (nettrace format):

• with valid cert
• with invalid cert

Author:	sebastienros
Assignees:	-
Labels:	area-System.Security, tenet-performance, untriaged
Milestone:	-

[sebastienros]

Crank commands to reproduce the numbers, or validate fixes:

With valid cert

crank  --config https://raw.githubusercontent.com/aspnet/Benchmarks/main/scenarios/plaintext.benchmarks.yml --scenario connectionclosehttps --profile aspnet-citrine-lin --application.framework net6.0 --application.options.collectcounters true --chart --variable connections=32 --variable warmup=2 --variable duration=10 --application.options.counterProviders System.Runtime --application.options.counterProviders Microsoft-AspNetCore-Server-Kestrel 

actual cert file

With invalid cert

--application.source.branchOrCommit "#6843980"

Collecting a trace

--application.dotnetTrace true

Using a custom local builds

--application.options.outputFiles c:\code\fix\*.dll

[stephentoub]

cc: @wfurt

[wfurt]

Do you have link to the updated (and old) certificate @sebastienros? Are you sure the key size and algorithm is same? If not, differences should be expected. (there are some tests in perf repo to show the difference)

[sebastienros]

I believe they might be different. The numbers on Windows and NodeJS were the same with the two, but I understand it might still be a reason for the measured difference.
I shared a direct link to the new one in the previous post, but here is the history of the file so you get the two versions: https://github.com/aspnet/Benchmarks/commits/main/src/Benchmarks/testCert.pfx
Passphrase is "testPassword".

[wfurt]

What client do you use to drive this test? Is that .NET app and what platform? I will look at the certs tomorrow and I can feed them micro benchmark in perf repo.

[davidfowl]

What client do you use to drive this test?

We used wrk to drive the test.

Is that .NET app and what platform?

Yes and the test where the regression showed up was Linux.

[wfurt]

That make sense. Windows & NodeJS can do TLS resume. So you actually use the certificate just once and after the session is resumed without asymmetric crypto. This should be easy to verify.

[sebastienros]

This should be easy to verify

Are you checking yourself?

Windows & NodeJS can do TLS resume

Is that something we can expect to be done in net.6.0?

[wfurt]

I was planning to but I think standard micro-benchmarks from performance repo are pretty clear:

[2021/03/22 12:55:08][INFO] | TLS12HandshakeECDSA256CertAsync |  2,028.87 us |    38.441 us |    34.077 us |  2,020.24 us |  1,995.951 us |  2,092.33 us |       - |     - |     - |  24,864 B |
[2021/03/22 12:55:08][INFO] | TLS12HandshakeECDSA512CertAsync |  4,319.21 us |    93.465 us |   107.634 us |  4,316.52 us |  4,177.668 us |  4,553.04 us |       - |     - |     - |  25,087 B |
[2021/03/22 12:55:08][INFO] |  TLS12HandshakeRSA1024CertAsync |  1,822.65 us |    34.210 us |    32.000 us |  1,817.37 us |  1,780.127 us |  1,872.87 us |       - |     - |     - |  25,056 B |
[2021/03/22 12:55:08][INFO] |  TLS12HandshakeRSA2048CertAsync |  2,388.83 us |    56.801 us |    63.134 us |  2,377.40 us |  2,303.985 us |  2,525.52 us |       - |     - |     - |  25,451 B |
[2021/03/22 12:55:08][INFO] |  TLS12HandshakeRSA4096CertAsync |  8,138.92 us |   156.306 us |   173.734 us |  8,134.26 us |  7,868.292 us |  8,478.57 us |       - |     - |     - |  26,286 B |

The old key was 2048 bits so you should see ~ 4X degradation. Bigger keys -> more crypto and that does not come free.

This is run on Windows on somewhat similar machine

[2021/03/22 13:10:13][INFO] | TLS12HandshakeECDSA256CertAsync |  4,876.51 us | 82.766 us | 73.370 us |  4,871.39 us |  4,740.94 us |  5,024.82 us |      - |     - |     - |  19,506 B |
[2021/03/22 13:10:13][INFO] |  TLS12HandshakeRSA1024CertAsync |  4,011.38 us | 45.267 us | 40.128 us |  4,014.02 us |  3,933.36 us |  4,076.71 us |      - |     - |     - |  19,698 B |
[2021/03/22 13:10:13][INFO] |  TLS12HandshakeRSA2048CertAsync |  4,917.13 us | 40.950 us | 38.304 us |  4,915.16 us |  4,851.72 us |  4,990.58 us |      - |     - |     - |  20,082 B |
[2021/03/22 13:10:13][INFO] |  TLS12HandshakeRSA4096CertAsync | 10,942.73 us | 98.885 us | 82.573 us | 10,901.96 us | 10,859.95 us | 11,162.91 us |      - |     - |     - |  20,823 B |

The reason why windows show drop as well is because the test is crafted to prevent resume and measure performance of actual handshake.
https://github.com/dotnet/performance/blob/56a662690aa7cfc0fdffedb3dfd5beeb8fea1058/src/benchmarks/micro/libraries/System.Net.Security/SslStreamTests.cs#L161

I think you can either

1. regenerate new certificate with same key size -> that should give you same perf back
2. accept the difference. The actual real impact will depend on what people are using in real scenarios
3. modify (or add) the test to force full handshake on all platforms -> it should give you more comparable results
4. add/modify test to track impact of algorithm and key size.

The gap is tracked by #22977. I had prototype for sever at some point but I never finished that to product. While this is on my TODO list it is not currently targeted for 6.0. It still may happen but I'm getting to many distractions lately.