daniel:// stenberg://

2 months ago

daniel:// stenberg://
2 months ago

Until improved, I believe the sever performance degradation and memory use compared to #ngtcp2 are reasons enough for us to not recommend #OpenSSL QUIC for use with #curl in production.

Upload speed: ngtcp2 is 2-4x faster.

Memory use: in some tests, OpenSSL uses 25x the amount of memory.

in reply to daniel:// stenberg://

Wolf480pl

in reply to daniel:// stenberg:// 2 months ago

I've seen haproxy docs say that recent OpenSSL versions had a major performance regression - could this be related to what you're seeing?

in reply to Wolf480pl

daniel:// stenberg://

in reply to Wolf480pl 2 months ago

@wolf480pl this is next level regressions though. I mean, this is comparing ngtcp2 using one of the OpenSSL forks, so it seems this is not the same bottleneck haxproxy points to.

@Wolf480pl

in reply to daniel:// stenberg://

Peter Kovář

in reply to daniel:// stenberg:// 2 months ago

Sewer?

in reply to Peter Kovář

Christian Rickert

in reply to Peter Kovář 2 months ago

@1div0
Just imagine an 'r' at the right spot. It's not that hard.

@Peter Kovář

in reply to Christian Rickert

SMillerNL

in reply to Christian Rickert 2 months ago

@christianrickert @1div0 isn’t it supposed to be “severe”?

@Peter Kovář @Christian Rickert

in reply to SMillerNL

daniel:// stenberg://

in reply to SMillerNL 2 months ago

@SMillerNL @christianrickert @1div0 how would you know I wrote it if there aren't a few typos? 😁

@Peter Kovář @SMillerNL @Christian Rickert

in reply to daniel:// stenberg://

Peter Kovář

in reply to daniel:// stenberg:// 2 months ago

@SMillerNL @christianrickert Only A.Y. makes no tyops. Nobodi's perfect.

Cheers!

@SMillerNL @Christian Rickert

in reply to daniel:// stenberg://

DeepBlue V7.X

in reply to daniel:// stenberg:// 2 months ago

For me every http/3 backend in curl causes about 3-10x more CPU usage for background requests (compared to http/2), so we disabled it for now. Excited to hear about improvements and I will revisit it in a year or so. Thanks a lot for your (and all the contributors) work!

in reply to DeepBlue V7.X

daniel:// stenberg://

in reply to DeepBlue V7.X 2 months ago

@deepbluev7 that's currently what QUIC and HTTP/3 does, independently of curl. It is the same in browsers and server-side. Don't expect this to change very fast...

@DeepBlue V7.X

in reply to daniel:// stenberg://

zl2tod

in reply to daniel:// stenberg:// 2 months ago

Sub-tooting Debian Testing at all?

in reply to zl2tod

daniel:// stenberg://

in reply to zl2tod 2 months ago

@zl2tod the only HTTP/3 backend that is non-experimental so far in curl is the ngtcp2 one, which does not work with vanilla OpenSSL. This is part of the reason why Debian builds curl with GnuTLS in unstable

@zl2tod

in reply to daniel:// stenberg://

zl2tod

in reply to daniel:// stenberg:// 2 months ago

Aye.

Debian testing just updated apt:

"apt (2.9.19) unstable; urgency=medium

This release switches to OpenSSL for hashing and TLS, replacing the GnuTLS and gcrypt libraries.

This release switches to Sequoia for OpenPGP verification on supported Debian platforms. A Sequoia policy override enabling SHA1 self-signatures until 2026 is included." ...

⇧

daniel:// stenberg:// 2 months ago • •

daniel:// stenberg://
2 months ago