Clemens<p>Another commit landed in <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a>: <a href="https://github.com/openssl/openssl/commit/6b93db7bfd572e81fac581c5be7b0d7509febb80" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/openssl/openssl/com</span><span class="invisible">mit/6b93db7bfd572e81fac581c5be7b0d7509febb80</span></a></p><p>This time, it's a drive-by thing inspired by <span class="h-card" translate="no"><a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jwildeboer</span></a></span> who's working on S/MIME X.509 certificates: the X.509 standards renamed one of the bits in the keyUsage extension from `nonRepudiation` to `contentCommitment`, and OpenSSL only understood the old name.</p><p>Slowly improving the world one commit at a time.</p>
mastodontech.de ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Offen für alle (über 16) und bereitgestellt von Markus'Blog
Verwaltet von:
Serverstatistik:
1,4 Tsd.aktive Profile
mastodontech.de: Über · Status · Profilverzeichnis · Datenschutzerklärung
Mastodon: Über · App herunterladen · Tastenkombinationen · Quellcode anzeigen · v4.4.3
#openssl
6 Beiträge · 5 Beteiligte · 0 Beiträge heute
Timo J<p><span class="h-card" translate="no"><a href="https://rattodon.nexus/@rolenthedeep" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rolenthedeep</span></a></span> I guess I’m in the 1% who doesn’t care what <a href="https://mastodon.online/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> does from a UX perspective but would prefer it did a better job keeping <a href="https://mastodon.online/tags/libcurl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libcurl</span></a>, <a href="https://mastodon.online/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a>, and other core libraries up to date.</p>
Richard Levitte<p><span class="h-card" translate="no"><a href="https://mastodon.sl/@afink" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>afink</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> <a href="https://mastodon.nu/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> has some migration guides, are those functions not included in there?<br>Which two?</p>
daniel:// stenberg://<p>I nominate <a href="https://docs.openssl.org/3.3/man3/d2i_X509/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.openssl.org/3.3/man3/d2i_</span><span class="invisible">X509/</span></a> as <a href="https://mastodon.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a>'s worst man page. And there's fierce competition for that award.</p><p>And in the end it does not even mention the weird behavior: it stores errors in an internal queue which mysteriously makes the *next* invoked function fail...</p>
Nicola Tuveri<p><a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> 📢 -- OpenSSL Foundation endorses UN Open Source Principles</p><p>🔗 <a href="https://openssl-foundation.org/post/2025-08-07-un-open-source-principles/?utm_source=atom_feed" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">openssl-foundation.org/post/20</span><span class="invisible">25-08-07-un-open-source-principles/?utm_source=atom_feed</span></a></p><p>From <a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> -- Blog on OpenSSL Foundation</p>
Clemens<p>Improving the world, one PR at a time: <a href="https://github.com/smallstep/crypto/pull/811" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/smallstep/crypto/pu</span><span class="invisible">ll/811</span></a></p><p>The next release of <a href="https://chaos.social/tags/smallstep" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smallstep</span></a> step-ca will accept the old name "nonRepudiation" in the X.509v3 keyUsage extension as a UX improvement for users coming from, e.g., <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a>.</p><p>Inspired by <span class="h-card" translate="no"><a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jwildeboer</span></a></span>: <a href="https://social.wildeboer.net/@jwildeboer/114964280013823176" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">social.wildeboer.net/@jwildebo</span><span class="invisible">er/114964280013823176</span></a><br>This stuff is hard enough without such pitfalls, no need to make it more complicated by green bikesheds, er, naming discussions.</p><p><a href="https://chaos.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a></p>
Clemens<p>'We are pleased to inform you that we accept your proposal “<a href="https://chaos.social/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHat</span></a>'s path to post-quantum cryptography with OpenSSL” for the <a href="https://chaos.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> Conference'</p><p>Looks like I'm going to Prague in October!</p>
testssl.sh :verified:<p>testssl.sh makes it easier now for also for MacOS users to run a <a href="https://infosec.exchange/tags/QUIC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QUIC</span></a> protocol test -- if you have <a href="https://infosec.exchange/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a> from e.g. <a href="https://infosec.exchange/tags/homebrew" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homebrew</span></a> installed.</p><p>It automagically uses that one for testing QUIC then, in 3.3dev.</p>
KielKontrovers Blog<p><span class="h-card" translate="no"><a href="https://norden.social/@nilz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nilz</span></a></span> hatte schon befürchtet, dass der Podcast diese Vorurteile aufgreift. Diese Einzelentwickler*innen gibt es auch, aber ist nicht die Masse.OSS ist Big Business, problematisch sind manchmal kleine Projekte, die tatsächlich wichtig sind, aber zu wenig betreut, siehe auch <a href="https://norden.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> .Diese kleinen Projekte, die nicht essentiell sind, sind nicht so bedeutend oder problematisch, wenn was schief geht. Fehler gibt es ja auch bei closed source, das ist kein Alleinstellungsmerkmal.</p>
Richard Levitte<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Viss" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Viss</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span><br>For some, it seems to work. My experience of bug bounties (through <a href="https://mastodon.nu/tags/openssl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openssl</span></a>) has mostly been slop, even before AI entered the scene. <span class="h-card" translate="no"><a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bagder</span></a></span> has had a better experience, it seems.</p>
Felix Palmen :freebsd: :c64:<p>Just released: <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swad</span></a> 0.12 🥂</p><p>swad is the "Simple Web Authentication Daemon". It basically offers adding form + <a href="https://mastodon.bsd.cafe/tags/cookie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cookie</span></a> <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> to your reverse proxy (designed for and tested with <a href="https://mastodon.bsd.cafe/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nginx</span></a> "auth_request"). I created it mainly to defend against <a href="https://mastodon.bsd.cafe/tags/malicious_bots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malicious_bots</span></a>, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same <a href="https://mastodon.bsd.cafe/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a> <a href="https://mastodon.bsd.cafe/tags/challenge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>challenge</span></a> known from <a href="https://mastodon.bsd.cafe/tags/Anubis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anubis</span></a>.</p><p>swad is written in pure <a href="https://mastodon.bsd.cafe/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>C</span></a> with minimal dependencies (<a href="https://mastodon.bsd.cafe/tags/zlib" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zlib</span></a>, <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> or compatible, and optionally <a href="https://mastodon.bsd.cafe/tags/PAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PAM</span></a>), and designed to work on any <a href="https://mastodon.bsd.cafe/tags/POSIX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>POSIX</span></a> system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).</p><p>This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.</p><p>Read more about it, download the .tar.xz, build and install it .... here:</p><p><a href="https://github.com/Zirias/swad" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Zirias/swad</span><span class="invisible"></span></a></p>
daniel:// stenberg://<p>Would you say this is an accurate description of (some of the) <a href="https://mastodon.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> forks family tree?</p><p>(These are the OpenSSL forks <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> supports.)</p>
Nicola Tuveri<p>I’ve been elected to represent the Academic community in the OpenSSL’s Foundation BAC/TAC and Corporation TAC! 🎓🔐</p><p>If you’re working in crypto, systems security, or FOSS research, join the conversation on the OpenSSL Communities Forum—especially the Academic community. Your input can shape OpenSSL’s roadmap.</p><p><a href="https://openssl-communities.org/d/4cn9aVQH/welcome-from-your-academic-representative-in-the-openssl-foundation-bac-tac-and-corporation-tacs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">openssl-communities.org/d/4cn9</span><span class="invisible">aVQH/welcome-from-your-academic-representative-in-the-openssl-foundation-bac-tac-and-corporation-tacs</span></a></p><p><a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> <a href="https://floss.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://floss.social/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> <a href="https://floss.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://floss.social/tags/Academia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Academia</span></a> <a href="https://floss.social/tags/AcademicChatter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AcademicChatter</span></a></p>
Nicola Tuveri<p><a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> 📢 -- OpenSSL Foundation is hiring Software Engineer (C Developer)</p><p>🔗 <a href="https://openssl-library.org/post/2025-06-19-foundation-sw-engineer/?utm_source=atom_feed" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">openssl-library.org/post/2025-</span><span class="invisible">06-19-foundation-sw-engineer/?utm_source=atom_feed</span></a></p><p>From <a href="https://floss.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> -- Blog on OpenSSL Library</p>
Felix Palmen :freebsd: :c64:<p>I need help. First the question: On <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a>, with all ports built with <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreSSL</span></a>, can I somehow use the <a href="https://mastodon.bsd.cafe/tags/clang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>clang</span></a> <a href="https://mastodon.bsd.cafe/tags/thread" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thread</span></a> <a href="https://mastodon.bsd.cafe/tags/sanitizer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanitizer</span></a> on a binary actually using LibreSSL and get sane output?</p><p>What I now observe debugging <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swad</span></a>:</p><p>- A version built with <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> (from base) doesn't crash. At least I tried very hard, really stressing it with <a href="https://mastodon.bsd.cafe/tags/jmeter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jmeter</span></a>, to no avail. Built with LibreSSL, it does crash.<br>- Less relevant: the OpenSSL version also performs slightly better, but needs almost twice the RAM<br>- The thread sanitizer finds nothing to complain when built with OpenSSL<br>- It complains a lot with LibreSSL, but the reports look "fishy", e.g. it seems to intercept some OpenSSL API functions (like SHA384_Final)<br>- It even complains when running with a single-thread event loop.<br>- I use a single SSL_CTX per listening socket, creating SSL objects from it per connection ... also with multithreading; according to a few sources, this should be supported and safe.<br>- I can't imagine doing that on a *single* thread could break with LibreSSL, I mean, this would make SSL_CTX pretty much pointless<br>- I *could* imagine sharing the SSL_CTX with multiple threads to create their SSL objects from *might* not be safe with LibreSSL, but no idea how to verify as long as the thread sanitizer gives me "delusional" output 😳</p>
LibreQoS<p>Short stop at <span class="h-card" translate="no"><a href="https://fosstodon.org/@devconf_cz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>devconf_cz</span></a></span> 2025! Always great to meet <span class="h-card" translate="no"><a href="https://social.kernel.org/users/toke" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>toke</span></a></span> of <a href="https://fosstodon.org/tags/FQ_CoDel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FQ_CoDel</span></a> (<a href="https://fosstodon.org/tags/RFC8290" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC8290</span></a>) & <a href="https://fosstodon.org/tags/sch_CAKE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sch_CAKE</span></a> fame 🙏🛜</p><p>Check out his talk “Beware of the <a href="https://fosstodon.org/tags/kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kernel</span></a> RTNL <a href="https://fosstodon.org/tags/mutex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mutex</span></a>”:</p><p><a href="https://pretalx.devconf.info/devconf-cz-2025/talk/WQDUDJ/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">pretalx.devconf.info/devconf-c</span><span class="invisible">z-2025/talk/WQDUDJ/</span></a></p><p><a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/defineFUTURE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defineFUTURE</span></a> <a href="https://fosstodon.org/tags/latency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>latency</span></a> <a href="https://fosstodon.org/tags/devconf_cz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devconf_cz</span></a> <a href="https://fosstodon.org/tags/LibreQoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreQoS</span></a> <a href="https://fosstodon.org/tags/bufferbloat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bufferbloat</span></a> <a href="https://fosstodon.org/tags/QoE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QoE</span></a> <a href="https://fosstodon.org/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> <a href="https://fosstodon.org/tags/jitter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jitter</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedHat</span></a> <a href="https://fosstodon.org/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> <a href="https://fosstodon.org/tags/DevConf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevConf</span></a> <a href="https://fosstodon.org/tags/TokeHoilandJorgensen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TokeHoilandJorgensen</span></a> <a href="https://fosstodon.org/tags/QoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QoS</span></a></p>
Hacker News<p>Apps shouldn't let users enter OpenSSL cipher-suite strings</p><p><a href="https://00f.net/2025/06/06/cipher-suites/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">00f.net/2025/06/06/cipher-suit</span><span class="invisible">es/</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> <a href="https://mastodon.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> <a href="https://mastodon.social/tags/cipher" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cipher</span></a>-suites <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/bestpractices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bestpractices</span></a> <a href="https://mastodon.social/tags/softwaredevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwaredevelopment</span></a></p>
PurpleJillybeans :PrideDisk:<p>:DuckDuckGo: <a href="https://kind.social/tags/DuckDuckFedi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DuckDuckFedi</span></a> :</p><p>Where could I find docs for historical versions of <a href="https://kind.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a>? I'm trying to set up a CA for <a href="https://kind.social/tags/RetroComputing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RetroComputing</span></a> machines with OpenSSL 0.9.6b, but the little bit of documentation that came with it isn't telling me much. Basically need to create a CA certificate I can put on client machines so that they won't complain about self-signed certs.</p>
daniel:// stenberg://<p>"download time is reduced by ~13%" (for <a href="https://mastodon.social/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a>)</p><p>... by adding some odd <a href="https://mastodon.social/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> functions we didn't know existed.</p><p><a href="https://github.com/curl/curl/pull/17548" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/curl/curl/pull/17548</span><span class="invisible"></span></a></p>
Felix Palmen :freebsd: :c64:<p>More interesting progress trying to make <a href="https://mastodon.bsd.cafe/tags/swad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swad</span></a> suitable for very busy sites!</p><p>I realized that <a href="https://mastodon.bsd.cafe/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> (both with <a href="https://mastodon.bsd.cafe/tags/OpenSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSSL</span></a> and <a href="https://mastodon.bsd.cafe/tags/LibreSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreSSL</span></a>) is a *major* bottleneck. With TLS enabled, I couldn't cross 3000 requests per second, with somewhat acceptable response times (most below 500ms). Disabling TLS, I could really see the impact of a <a href="https://mastodon.bsd.cafe/tags/lockfree" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lockfree</span></a> queue as opposed to one protected by a <a href="https://mastodon.bsd.cafe/tags/mutex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mutex</span></a>. With the mutex, up to around 8000 req/s could be reached on the same hardware. And with a lockfree design, that quickly went beyond 10k req/s, but crashed. 😆</p><p>So I read some scientific papers 🙈 ... and redesigned a lot (*). And now it finally seems to work. My latest test reached a throughput of almost 25k req/s, with response times below 10ms for most requests! I really didn't expect to see *this* happen. 🤩 Maybe it could do even more, didn't try yet.</p><p>Open issue: Can I do something about TLS? There *must* be some way to make it perform at least a *bit* better...</p><p>(*) edit: Here's the design I finally used, with a much simplified "dequeue" because the queues in question are guaranteed to have only a single consumer: <a href="https://dl.acm.org/doi/10.1145/248052.248106" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dl.acm.org/doi/10.1145/248052.</span><span class="invisible">248106</span></a></p>
AngesagtLive-Feeds
Mastodon ist der beste Zugang, um auf dem Laufenden zu bleiben.
Du kannst jedem im Fediverse folgen und alles in chronologischer Reihenfolge sehen. Keine Algorithmen, Werbung oder Clickbaits vorhanden.
Konto erstellenAnmeldenZum Hochladen hereinziehen