7.47.0-1ubuntu2.2 is much slower than 7.22.0-3ubuntu4.17 for https

Bug #1768112 reported by Shawn Zhou
Affects | Status | Importance | Assigned to | Milestone
curl (Ubuntu) | New | Undecided | Unassigned |

Bug Description

curl-7.47.0-1ubuntu2.2 spent lots of time reading CA certs before sending "client hello"; on the other hand, curl 7.22.0 didn't spend time reading CA certs before a "client hello", and after "server hello" was received it only read a few CA certs. This made a significant difference in terms of response time between 7.22.0 and 7.47.0.

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"

$ dpkg -l curl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============================================-============================-============================-=================================================================================================
ii curl 7.47.0-1ubuntu2.2 amd64 command line tool for transferring data with URL syntax

$ curl -w "@curl-format.txt" https://170.199.194.0:4443/@p1/heartbeat/ -k -s -o /dev/null
time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.009
time_pretransfer: 0.009
time_redirect: 0.000
time_starttransfer: 0.011
----------
time_total: 0.011

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"

$ dpkg -l curl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============================================-==============================================-============================================================================================================
ii curl 7.22.0-3ubuntu4.17 Get a file from an HTTP, HTTPS or FTP server

$ curl -w "@curl-format.txt" https://170.199.194.0:4443/@p1/heartbeat/ -k -s -o /dev/null
time_namelookup: 0.000
time_connect: 0.001
time_appconnect: 0.256
time_pretransfer: 0.256
time_redirect: 0.000
time_starttransfer: 0.257
----------
time_total: 0.257

The problem was that when curl-7.47.0 was compiled with gnutls and with --with-ca-path=/etc/ssl/certs, it would read all certificates from the path before sending client hello; on the other hand, when it's compiled with libssl, it's fine. I checked the build options for 7.22.0-3ubuntu4.17; only --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt was used.

curl built with gnutls with --with-ca-bundle and without --with-ca-path was still slower than the build with libssl.

What needs to be done to build 7.47.0 with similar response time for https as 7.22.0?

Shawn Zhou (szhou5495) wrote :

strace output of curl 7.47.0

Shawn Zhou (szhou5495) wrote :

strace output of curl 7.22.0
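
To put a number on the behaviour the report describes (CA certificate files read between connect() and the ClientHello), the following added example summarises an `strace -ttt` log; it is not part of the original report or its attachments. The log lines, certificate file names and the 192.0.2.10 address are constructed, and it assumes strace was run without -f and that the ClientHello leaves via write, send or sendto.

```shell
#!/bin/sh
# Added example (not from the bug report). Input: `strace -ttt` output, no -f.

# Prints "<opens> <ms>": successful open/openat calls under CA_DIR between the
# TCP connect() and the first TLS ClientHello, and the time between those two.
ca_opens_before_hello() {   # usage: ca_opens_before_hello LOGFILE [CA_DIR]
    awk -v cadir="${2:-/etc/ssl/certs}" '
        !conn && $2 ~ /^connect\(/ && /AF_INET/ { conn = 1; t_conn = $1; next }
        !conn || hello { next }
        # Count only opens that succeeded (failed calls end in "= -1 E...").
        $2 ~ /^open(at)?\(/ && index($0, "\"" cadir "/") && $0 !~ /= -1 E/ { n++ }
        # A TLS handshake record starts 0x16 0x03; strace prints that as \26\3.
        $2 ~ /^(write|send|sendto)\(/ && index($0, "\"\\26\\3") { hello = 1; t_hello = $1 }
        END {
            if (!hello) { print "no ClientHello found" > "/dev/stderr"; exit 1 }
            printf "%d %.0f\n", n, (t_hello - t_conn) * 1000
        }
    ' "$1"
}

# Constructed sample: a client that scans a CA directory before the handshake.
sample_capath_log() {
    cat <<'EOF'
1525132800.100000 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
1525132800.101000 connect(3, {sa_family=AF_INET, sin_port=htons(4443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
1525132800.110000 open("/etc/ssl/certs/example-root-1.pem", O_RDONLY) = 4
1525132800.190000 open("/etc/ssl/certs/example-root-2.pem", O_RDONLY) = 4
1525132800.270000 open("/etc/ssl/certs/missing.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
1525132800.340000 open("/etc/ssl/certs/example-root-3.pem", O_RDONLY) = 4
1525132800.351000 sendto(3, "\26\3\1\0\315\1\0\0\311\3\3", 210, MSG_NOSIGNAL, NULL, 0) = 210
EOF
}

# Constructed sample: a client that sends the ClientHello right after connect().
sample_bundle_log() {
    cat <<'EOF'
1525132800.100000 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
1525132800.101000 connect(3, {sa_family=AF_INET, sin_port=htons(4443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 EINPROGRESS (Operation now in progress)
1525132800.104000 write(3, "\26\3\1\2\0\1\0\1\374\3\3", 517) = 517
1525132800.112000 open("/etc/ssl/certs/ca-certificates.crt", O_RDONLY) = 4
EOF
}
```

A large first number together with a large second number points at CA-store loading as the source of the time_appconnect gap rather than the network or the server.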
