[gnutls-help] gnutls + courier-imap => very slow

Sam Varshavchik mrsam at courier-mta.com
Fri Jan 10 05:46:51 CET 2014

Lenz Weber writes:

> Hello,
> I'm currently investigating some serious performance problems when using
> courier-0.66.1ubuntu4 in combination with
> gnutls-3.0.11+really2.12.14-5ubuntu3.5, which would be the usual
> combination if one were to compile courier using the --with-gnutls
> config flag in the lastest Ubuntu LTS version 12.04.

The key part in the strace, here, http://paste.ubuntu.com/6724497/ starting  
around line 500. What should be happening there is nothing more than a  
read()ing a nicely-sized chunk from a pipe, file descriptor 6, and then  
tossing the whole thing to gnutls_record_send() which writes it to a socket  
on file descriptor 0.

Between each call to read(), and a subsequent writev() of the encrypted  
chunk, there are two sets of calls gettimeofday(), getrusage(), and times().  
I can't see why that alone would be enough to grind things to a halt;  
however it's hard to see the actual timings here.

However, I happened to have sources of 3.2.7 handy, and from poking around,  
those syscalls appear to be coming out of wrap_nettle_rnd_refresh() in  
lib/nettle/rnd.c, which appears to have something to do with reseeding an  
internal random number pool. It looks like there's a lot of work happening  
here; and I don't quite follow why that needs to be done for each call to  
gnutls_record_send(); but that's as far as I could go, with what I know.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20140109/7c879e8b/attachment.sig>

More information about the Gnutls-help mailing list