TLS handshake timeout

Hi, during my performance stress testing, I configured 128 requests per second. The Go service, running within a container allocated with 1 CPU core and 1 GB of memory, exhibited a significant delay during the TLS handshake process. Specifically, the duration from receiving the Client Hello to sending the Server Hello could take as long as six seconds.

tls v1.2

go 1.22

It sounds like you’re encountering a bottleneck during the TLS handshake process under high load. Here are some potential areas to investigate and optimize:

  1. Resource Allocation: With only 1 CPU core and 1 GB of memory, the container might be struggling to handle the cryptographic computations required for the TLS handshake. Consider increasing the allocated resources to see if it reduces the delay.
  2. TLS Configuration:
     • Ensure that the cipher suites being used are optimized for performance. Some cipher suites are more computationally intensive than others.
     • Check if session resumption (via session tickets or session IDs) is enabled to reduce the overhead of repeated handshakes.
  3. Concurrency Handling:
     • Review the Go service’s concurrency model. Ensure that the GOMAXPROCS setting is appropriately configured to utilize the available CPU resources effectively.
     • Investigate whether the Go runtime’s garbage collection or other background tasks are causing delays.
  4. Network Latency:
     • Verify that there are no network-related issues contributing to the delay. Tools like tcpdump or Wireshark can help analyze the handshake process.
  5. Profiling and Debugging:
     • Use Go’s built-in profiling tools (e.g., pprof) to identify bottlenecks in the application.
     • Enable detailed logging for the TLS handshake to pinpoint where the delay occurs.
  6. Library and Version Updates:
     • Ensure that you’re using the latest stable version of Go (currently 1.22 in your case). If possible, test with a newer version to see if the issue persists, as there might be performance improvements or bug fixes.
  7. External Dependencies:
     • If the service relies on external systems (e.g., a database or API), ensure that they are not contributing to the delay.

Hope this helps!
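
The session-resumption check suggested in the reply above, as an added example that is not code from this thread: it runs two TLS 1.2 handshakes over an in-memory pipe and reports whether the second one was resumed, with server session tickets enabled or disabled. The helper names `handshake` and `probe`, the host name `example.test` and the throwaway Ed25519 certificate are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// handshake does one in-memory TLS handshake; true means the client resumed a session.
func handshake(srv, cli *tls.Config) (bool, error) {
	c, s := net.Pipe()
	defer c.Close()                   // closing one end also unblocks the server side
	go tls.Server(s, srv).Handshake() // server half of the exchange
	conn := tls.Client(c, cli)
	err := conn.Handshake()
	return conn.ConnectionState().DidResume, err
}

// probe handshakes twice against one server config, using a certificate constructed here.
func probe(disableTickets bool) (first, second bool, err error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	leaf, err := x509.ParseCertificate(der) // also fails if creation failed
	if err != nil {
		return
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // trust only the test certificate, verification stays on
	srv := &tls.Config{MaxVersion: tls.VersionTLS12, SessionTicketsDisabled: disableTickets,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	cli := &tls.Config{RootCAs: roots, ServerName: "example.test", ClientSessionCache: tls.NewLRUClientSessionCache(8)}
	if first, err = handshake(srv, cli); err == nil {
		second, err = handshake(srv, cli) // same cache, so a ticket from the first run is offered
	}
	return
}

func main() {
	fmt.Println(probe(false)) // tickets on: false true <nil>; probe(true) gives false false <nil>
}
```

Against a real service, the same signal is `ConnectionState().DidResume` on the second connection from a client that sets `ClientSessionCache`; if it stays false, every connection pays for a full handshake.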