From aea336aa231540c9d638939774474fc24b465ed5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Fri, 6 Jun 2025 16:23:29 +0100
Subject: [PATCH] openssl: enable readahead
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Speeds up TLS operations up to ~%13.
Closes #17548
Signed-off-by: Edwin Török
---
 lib/vtls/openssl.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 464302dc86..f019fb2410 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -122,6 +122,12 @@ static void ossl_provider_cleanup(struct Curl_easy *data);
 #endif
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L && \
+ !defined(LIBRESSL_VERSION_NUMBER) && \
+ !defined(OPENSSL_IS_BORINGSSL))
+ #define HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN 1
+#endif
+
 #include "../curlx/warnless.h"
 /* The last #include files should be: */
@@ -4112,6 +4118,21 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
 }
 SSL_CTX_set_options(octx->ssl_ctx, ctx_options);
+ SSL_CTX_set_read_ahead(octx->ssl_ctx, 1);
+
+ /* Max TLS1.2 record size 0x4000 + 0x800.
+ OpenSSL supports processing "jumbo TLS record" (8 TLS records) in one go
+ for some algorithms, so match that here.
+ Experimentation shows that a slightly larger buffer is needed
+ to avoid short reads.
+
+ However using a large buffer (8 packets) actually decreases performance.
+ 4 packets is better.
+ */
+
+#ifdef HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN
+ SSL_CTX_set_default_read_buffer_len(octx->ssl_ctx, 0x401e * 4);
+#endif
 #ifdef SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
 /* We do retry writes sometimes from another buffer address */
--
2.47.3
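Review bot: The `HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN` guard added in the first hunk carries no comment saying which call it gates or why LibreSSL and BoringSSL builds are excluded, so the next reader has to rediscover that from the second hunk. A short comment above the `#if` would do, for example `/* SSL_CTX_set_default_read_buffer_len() exists since OpenSSL 1.1.0; not used with the LibreSSL and BoringSSL forks */`. Note that only the buffer length is gated: the `SSL_CTX_set_read_ahead()` call in the second hunk runs on every fork, so those builds get read-ahead with the library's default buffer size, which is presumably not the configuration that was measured.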
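Review bot: `SSL_CTX_set_read_ahead(octx->ssl_ctx, 1)` in the second hunk is switched on for every context this function builds, with no way to turn it off and no matching change to how buffered data is detected. With read-ahead enabled OpenSSL can hold complete but unprocessed records in its own buffer while `SSL_pending()` still returns 0, so any data-pending check in this backend (not visible in this hunk) should be confirmed to use `SSL_has_pending()`, otherwise a transfer can end up waiting on a socket that never becomes readable again. The same buffering can consume bytes that follow a TLS shutdown on a connection that continues in cleartext, so that path deserves a test as well. Separately, the comment gives the record size as 0x4000 + 0x800 while the call uses `0x401e * 4`; a one-line comment on where 0x401e comes from, placed inside the `#ifdef` next to the call, would make the value reviewable. Curl_ossl_ctx_init starts and ends outside the hunk.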