AcornSSL speed

I am looking to use AcornSSL + AcornHTTP + URL to implement a fetcher without all that socket nonsense. I have some test code and, actually, it doesn’t seem that complicated once you realise that URL_GetURL does nothing useful. ;-)

Thing is…

*FetchTest
Invoking https fetch
SSL connection took 1339cs, connection established now
Fetch of 39805 bytes took 1809cs
Dump of received data follows:
<html xmlns="hxxp://www.w3.org/1999/xhtml" dir="ltr" lang="en" x
ml:lang="en">.<head>.<meta http-equiv="Content-Type" content="te
xt/html; charset=utf-8" />.<meta name="description" content="Rea
[big snip!]

So there’s nothing appearing to happen for the first ~13 seconds, and it takes a further five seconds to retrieve a little under 40K? 18 seconds all in.
[ARMv7 Pi2 running at 900MHz]

Is it usually this slow? It’s not a buffer issue, I fed it a buffer of 1024000 bytes to simplify the initial test code.
Behaviour is similar whether command line or TaskWindow.
Behaviour is similar with different SSL sites.

Comparison: SecureSockets – connected in 16cs, fetch completed in 51cs. Half a second!

That connection time sounds about “normal” for AcornSSL – most of my non-SSL email fetches have completed before the SSL ones connect. I was told it was the certificate handling that took the time.

Once connected, throughput isn’t generally too bad (fetching emails doesn’t seem wildly slower than it was with SecureSockets), although I am now a bit worried to see how the forthcoming AcornSSL-IMAP client behaves. It was hardly speedy normally, due to the size of modern IMAP boxes (eg. gmail etc). Gulp!

That connection time sounds about “normal” for AcornSSL

In my own testing, AcornSSL connection has taken around half a second on a Pi 3. Admittedly that’s mostly been with local servers so I’ll give it a go with some overseas ones tonight, in case there’s some “back and forth” latency getting in the way.

Well, I tried ROOL’s home page (270 ms away) and it took about a second. I know a Pi 2 is a bit slower, but it can’t be that much, can it? I’m in C, using HTTPLib.

Module versions on my machine are:

• AcornSSL 1.04
• AcornHTTP 1.00
• URL 0.58
• Internet 5.64 (the app is 5.64 but the module itself is 5.63).

Edit: I just transplanted everything into my Pi 1 and re-ran the same test, and it took about 3 seconds.

Module versions on my machine are:

AcornSSL 1.04
AcornHTTP 1.00
URL 0.58
Internet 5.64 (the app is 5.64 but the module itself is 5.63).

What does the resolve of URL’s (like in the certificate chain) to IP’s?

That’ll be Resolver :) (version 0.72 on my machine).

That’ll be Resolver :) (version 0.72 on my machine).

No doubt the same version on other machine.
Build date 2015, which was probably only an update to take out some obvious bug or incompatibility with current hardware.

If you concoct a means of putting the current time into a file, sending a query through Resolver and putting out the time again when the resolve is complete and repeat for various sites that could give a marker for how fast things are in that portion of the chain.

On a PC if you type

prompt $t

into a command window then paste in a newline followed by

nslookup www.riscosopen.org

The output is along the lines of:

19:24:53.83nslookup www.riscosopen.org 81.139.56.100
Server: UnKnown
Address: 81.139.56.100

Non-authoritative answer:
Name: www.riscosopen.org
Address: 91.203.57.172

19:24:54.98

From which you will note the DNS client in the PC managed to send and get back the response from my ISP DNS in 0.11 seconds.

Anyone wishing to try different DNS servers can use say google public DNS with
nslookup www.riscosopen.org 8.8.8.8

I ought to point out, the SecureSockets “done in half a second” was done first and the time started from the beginning of the operation, including the lookup (to compare like with like, as I imagine URL or whatever does that for itself too.

I would hope that the resolver would cache a number of lookups for a length of time; but given the lack of source, sniffing the line to see what’s going on would be the only way to determine.

Most ISP lookups ought to be reasonably fast these days. Fast enough that one doesn’t notice the multiple chain of lookups that actually happen… Resolver asks the Livebox. The Livebox says dunno and asks Orange. Orange says dunno and looks to see who deals with .org and asks them. They say blah to Orange and Orange says blah to the Livebox and the Livebox says blah to Resolver which then says “I know the IP address for this name” and looking all smug despite the fact that everything else did all the work…

Most ISP lookups ought to be reasonably fast these days. Fast enough that one doesn’t notice the multiple chain of lookups that actually happen…

Comparison with PC results was aimed to narrow the investigation – if the DNS element of the certificate lookup/check is OK then the problem somewhere else.

then the problem somewhere else.

Bizarre. Just tried to fetch my blog index again, it took exactly a jiffy. No idea WTF was going on with the huge delay.

Shame. This is going to bug the hell out of me now. Something happened, but what? Can it be reproduced? Etc. Etc.

Bizarre. Just tried to fetch my blog index again, it took exactly a jiffy. No idea WTF was going on with the huge delay.

Dunno, but the forum was giving “under heavy load” messages for the last few hours. When I did get to read stuff there the first thing I noticed was messages from one Rick Murray :)

Just sayin…

was messages from one Rick Murray :)

Had the site not been acting up, there would have been more.

Just sayin… ;-)

Had the site not been acting up, there would have been more.

Ah, OK. I thought you’d sprained a finger or something. :)

Anyway, have you reproduced the slow response or has it gone into hiding now?

I’ve found on the Raspberry Pi 3, downloading email over SSL is slower.
Asking Hermes to check for email using SSL takes approx 9 seconds, using the same Email server without SSL, this takes approx 3 seconds.