Details
-
Bug
-
Resolution: Done
-
P1: Critical
-
5.8.0 RC
-
None
-
19a1a0871d4a9081646925c422fe32e900846c2e
Description
The QSslDiffieHellmanParameters::defaultParameters() call, which is used to initialize SSL contexts and in other cases, is extremely slow. In Qt 5.7 there was no way to change the diffie hellman parameters of an SSL context, and those parameters were only computed once on SSL context initialization. In Qt 5.8 with the openssl, every call to QSslDiffieHellmanParameters::defaultParameters() now does the following:
- allocate a QSslDiffieHellmanParameters object and its private data
- decodes the DER encoded default parameters
- the DER decoding call also checks for the DH parameters safety.
In effect the extreme performance regression comes from the isSafeDH() call, which might be fast on x86_64 (I haven't tested), but on x86_32 it is very slow.
QSslDiffieHellmanParameters::defaultParameters is called often so it makes any app doing http connections unusable on embedded devices.
To fix this the defaultParameters should only be computed once at compilation time or cached at runtime, and no safety check should be done for the default parameters.
Attachments
Issue Links
- is duplicated by
-
QTBUG-59728 QNAM::get calls very slow
- Closed
-
QTBUG-60154 Diffie-Hellman parameters are not valid for cleint socket
- Closed