[QGIS-Developer] SSL Performance Overhead
Matthias Kuhn
matthias at opengis.ch
Fri Jun 21 06:16:11 PDT 2019
Hi Andrea,
Thanks a lot for this additional information. How many new connections
are established in your scenario? I.e. can this be introduced by the
additional roundtrips for handshake?
I just tried to reproduce this on QGIS here. And in my scenario I could
not find any evidence for a performance impact. Without SSL I got 110
seconds, with SSL I got 108 seconds (100 iterations). So even more
performance (probably not on a statistically relevant level).
The only thing I can think of that I didn't measure in my tests were
roundtrips (because the server was run locally).
I would like to raise this topic on stackexchange or the postgres
mailing list to get some more insights. But it would be much easier to
argue if I could provide a real world example of degraded performance.
Scenario:
Docker container from the QGIS tests
(https://github.com/qgis/QGIS/blob/master/.ci/travis/linux/docker-compose.travis.yml)
docker-compose -f .ci/travis/linux/docker-compose.travis.yml up
--build postgres
# wget
https://github.com/QGEP/datamodel/releases/download/1.3.0/qgep_v1.3.0_structure_and_demo_data.backup
pg_restore -U docker -d gis -h 172.19.0.2 -1
qgep_v1.3.0_structure_and_demo_data.backup
Restart QGIS with ~/.pg_service.conf with
- `sslmode=require`
- `sslmode=disabled`
Running the following snippet
import timeit
def get_features():
for f in iface.activeLayer().getFeatures():
pass print(timeit.timeit(get_features, number=100))
Best regards
Matthias
On 6/17/19 1:03 PM, Andrea Aime wrote:
> Hey all,
> sorry to intrude, but I have a bit of related information.
> GeoServer uses the same underlying stack as QGIS, at one point we
> noticed that the
> reading performance went down, upon investigation it turned out the
> JDBC driver
> started using SSL by default when available.
>
> So we added a flag to turn off SSL and it indeed helped performance
> (but not 10 times mind,
> maybe 20-30% on OSM like map like the one rendering at geoserver.org
> <http://geoserver.org>, did not try on simpler/smaller maps).
> This was a few months ago, not 10 years ago, so yes, SSL
> encrypt/decrypt is still indeed taking a toll.
>
> Cheers
> Andrea
>
>
> On Mon, Jun 17, 2019 at 12:46 PM Matthias Kuhn <matthias at opengis.ch
> <mailto:matthias at opengis.ch>> wrote:
>
> On 6/17/19 12:16 PM, Martin Dobias wrote:
> > On Mon, Jun 17, 2019 at 12:11 PM Matthias Kuhn
> <matthias at opengis.ch <mailto:matthias at opengis.ch>> wrote:
> >> Wouldn't connection pooling be such a change. That certainly was
> >> introduced after.
> > Pooling was introduced to deal with multi-threaded rendering and
> > should not affect that. There always was a connection that was kept
> > alive while layer(s) using that connection existed.
>
> Interesting.
>
> I still can't see any good explanation for the overhead detected 10
> years ago, do you have an idea what this could be caused by?
>
> I just can't imagine that an enterprise level database like postgres
> would suffer from such an issue on the security side.
>
> Cheers Matthias
>
> _______________________________________________
> QGIS-Developer mailing list
> QGIS-Developer at lists.osgeo.org <mailto:QGIS-Developer at lists.osgeo.org>
> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
> --
>
> Regards, Andrea Aime == GeoServer Professional Services from the
> experts! Visit http://goo.gl/it488V for more information. == Ing.
> Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di
> Montramito 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39
> 0584 1660272 mob: +39 339 8844549 http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
> ------------------------------------------------------- /Con
> riferimento alla normativa sul trattamento dei dati personali (Reg. UE
> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
> precisa che ogni circostanza inerente alla presente email (il suo
> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
> operazione è illecita. Le sarei comunque grato se potesse darmene
> notizia. This email is intended only for the person or entity to which
> it is addressed and may contain information that is privileged,
> confidential or otherwise protected from disclosure. We remind that -
> as provided by European Regulation 2016/679 “GDPR” - copying,
> dissemination or use of this e-mail or the information herein by
> anyone other than the intended recipient is prohibited. If you have
> received this email by mistake, please notify us immediately by
> telephone or e-mail./
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20190621/3d74f346/attachment-0001.html>
More information about the QGIS-Developer
mailing list