[QGIS-Developer] SSL Performance Overhead

Matthias Kuhn matthias at opengis.ch
Fri Jun 21 06:16:11 PDT 2019


Hi Andrea,

Thanks a lot for this additional information. How many new connections 
are established in your scenario? I.e. can this be introduced by the 
additional roundtrips for handshake?


I just tried to reproduce this on QGIS here. And in my scenario I could 
not find any evidence for a performance impact. Without SSL I got 110 
seconds, with SSL I got 108 seconds (100 iterations). So even more 
performance (probably not on a statistically relevant level).

The only thing I can think of that I didn't measure in my tests were 
roundtrips (because the server was run locally).

I would like to raise this topic on stackexchange or the postgres 
mailing list to get some more insights. But it would be much easier to 
argue if I could provide a real world example of degraded performance.


Scenario:

   Docker container from the QGIS tests (https://github.com/qgis/QGIS/blob/master/.ci/travis/linux/docker-compose.travis.yml)

   docker-compose -f .ci/travis/linux/docker-compose.travis.yml up --build postgres

   # wget https://github.com/QGEP/datamodel/releases/download/1.3.0/qgep_v1.3.0_structure_and_demo_data.backup

   pg_restore -U docker -d gis -h 172.19.0.2 -1 qgep_v1.3.0_structure_and_demo_data.backup

   Restart QGIS with ~/.pg_service.conf with

     - `sslmode=require`

     - `sslmode=disable`

   Running the following snippet

import timeit

def get_features():
    # iface is provided by the QGIS Python console
    for f in iface.activeLayer().getFeatures():
        pass

print(timeit.timeit(get_features, number=100))

Best regards
Matthias

On 6/17/19 1:03 PM, Andrea Aime wrote:
> Hey all,
> sorry to intrude, but I have a bit of related information.
> GeoServer uses the same underlying stack as QGIS, at one point we 
> noticed that the
> reading performance went down, upon investigation it turned out the 
> JDBC driver
> started using SSL by default when available.
>
> So we added a flag to turn off SSL and it indeed helped performance 
> (but not 10 times mind,
> maybe 20-30% on OSM like map like the one rendering at geoserver.org, 
> did not try on simpler/smaller maps).
> This was a few months ago, not 10 years ago, so yes, SSL 
> encrypt/decrypt is still indeed taking a toll.
>
> Cheers
> Andrea
>
>
> On Mon, Jun 17, 2019 at 12:46 PM Matthias Kuhn <matthias at opengis.ch> wrote:
>
>     On 6/17/19 12:16 PM, Martin Dobias wrote:
>     > On Mon, Jun 17, 2019 at 12:11 PM Matthias Kuhn <matthias at opengis.ch> wrote:
>     >> Wouldn't connection pooling be such a change. That certainly was
>     >> introduced after.
>     > Pooling was introduced to deal with multi-threaded rendering and
>     > should not affect that. There always was a connection that was kept
>     > alive while layer(s) using that connection existed.
>
>     Interesting.
>
>     I still can't see any good explanation for the overhead detected 10
>     years ago, do you have an idea what this could be caused by?
>
>     I just can't imagine that an enterprise level database like postgres
>     would suffer from such an issue on the security side.
>
>     Cheers Matthias
>
>
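
An added example (not part of the original message, and not QGIS code): a standalone psycopg2 timing harness that separates connection setup, where the TLS handshake round trips land, from repeated fetches over one kept-alive connection, and checks that each run really used the transport its sslmode asked for. The function name, the `connect` parameter and the command-line query argument are assumptions of this sketch.

```python
import sys
import time

# Modes whose transport state is unambiguous; "allow"/"prefer" may go either way.
EXPECT_SSL = {"disable": False, "require": True,
              "verify-ca": True, "verify-full": True}

def time_sslmodes(base_dsn, query, modes=("disable", "require"),
                  iterations=100, connect=None):
    """Time connection setup and repeated fetches separately for each sslmode."""
    if connect is None:
        import psycopg2  # assumption: psycopg2 >= 2.8 (provides conn.info)
        connect = psycopg2.connect
    results = {}
    for mode in modes:
        start = time.perf_counter()
        conn = connect(f"{base_dsn} sslmode={mode}")
        connect_s = time.perf_counter() - start  # includes the TLS handshake
        try:
            ssl_used = bool(conn.info.ssl_in_use)
            expected = EXPECT_SSL.get(mode)
            if expected is not None and ssl_used != expected:
                raise RuntimeError(f"sslmode={mode} but ssl_in_use={ssl_used}")
            rows = 0
            start = time.perf_counter()
            for _ in range(iterations):  # one connection reused, as a layer does
                with conn.cursor() as cur:
                    cur.execute(query)
                    rows = len(cur.fetchall())
            fetch_s = time.perf_counter() - start
        finally:
            conn.close()
        results[mode] = {"ssl": ssl_used, "connect_s": connect_s,
                         "fetch_s": fetch_s, "rows": rows}
    return results

if __name__ == "__main__":
    # Host, user and database are the ones from the scenario above; pass the
    # query (for example a SELECT on the layer's table) as the first argument.
    dsn = "host=172.19.0.2 dbname=gis user=docker"
    for mode, r in time_sslmodes(dsn, sys.argv[1]).items():
        print(f"{mode:8} ssl={r['ssl']} connect={r['connect_s']:.3f}s "
              f"fetch={r['fetch_s']:.3f}s rows={r['rows']}")
```

Run against a remote server as well as the local container, since the local setup hides the round-trip cost that the connect timing is meant to expose.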