Have you ever been curious about what performance impact SSL has when used with MySQL? We recently benchmarked SSL vs non-SSL performance in MySQL using yaSSL. yaSSL is bundled with source distributions of MySQL by default. We compared both the footprint size as well as average query times for SELECT queries (measured with the sysbench tool).
Our findings were part of a presentation on MySQL security practices along with an introduction to SSL and TLS. It was titled “Securing MySQL with a Focus on SSL“, and was recently presented at the 2011 O`Reilly MySQL Conference & Expo. If you missed our presentation, or if you would like to download the slides as a reference, you can find them in PDF format on our Media Page.
Our benchmark machine was an Apple Macbook Pro, with the following specs:
Apple Macbook Pro
Intel Core 2 Duo
4 MB L2 Cache, 2GB Memory, 667 MHz Bus Speed
The difference in footprint size between an installation of MySQL with SSL support versus one without SSL is very small (about 5%). There are two directories containing size differences: the `lib` and `bin` directories, with size comparisons as shown in Figure 1, below.
Footprint size comparison of MySQL with SSL (Green) and MySQL without SSL (Red). This was calculated by running the “du” command inside the MySQL installation directory after a new install.
AVERAGE SELECT QUERY TIMES
Looking at average query times, Figure 2 shows a breakdown of average query time (ms) comparisons for varying number of concurrent client connections. Looking at one sample specifically, we can see that for a client concurrency of eight, there is a 16.9% increase in the average query time when connections are using SSL.
Average query times (in ms) for varying number of concurrent client connections. Results were obtained by using the sysbench tool on a new MySQL installation.
These tests were run on a laptop using the sysbench tool. Speeds on enterprise platforms will vary. If you have any questions about our findings or methodology for testing, please email us directly at email@example.com.
As you may know, we recently gave a presentation titled “Securing MySQL with a Focus on SSL” at the 2011 O`Reilly MySQL Conference & Expo. We had a great time, met a bunch of awesome people, and learned a lot. Now that the conference is over, we`ve posted our slides to our Media page as a resource, here.
Our presentation covers the basics of securing a new MySQL installation, goes over an introduction of how SSL and TLS work, and touches on data encryption as well. A general outline is below:
– Common Attacks & Vulnerabilities
– Good Security Practices for MySQL
– Overview of SSL and TLS
– Configuring and Building MySQL with SSL
– MySQL SSL Command Options
– SSL Certificate Creation
– Performance Comparison
Additional Security Concerns
– Data Storage and Encryption
If you find any errors in our presentation, or see things that you think should be added, please let us know. Stay tuned for a summary of our SSL performance results.
yaSSL has made substantial progress in Q1 of 2011, including improvements and expansions in the areas of standards support, new ciphers, code repositories, and new community activity. We like to keep our users up to date about our progress. An overview of yaSSL accomplishments and activities for Q1 can be seen below:
– SHA-256 Cipher Suites
– PKCS8 Private Key Encryption Support
– Password-based key derivation function 2
– Better TLS 1.2 support
yaSSL Embedded Web Server
– Release 0.2. Added increased documentation, bug fixes, and examples.
– Mbed Release. wolfSSL is now ported to mBed and available for their cloud compiler.
– CURL port. wolfSSL can now be built with CURL (as a build option).
– memcached patch. wolfSSL now provides SSL security for memcache.
– reSIPprocate port
– Haiku OS. wolfSSL now works with the Haiku Operating System.
Code & Community
– Migrated wolfSSL code to GitHub
– Introduced the yaSSL Support Forums
– Added BMX6 to the wolfSSL Community
– Expanded and Grew our Partnership with Intel
– Revived and updated our Freshmeat Accounts
Conference & Expo`s
– RSA Conference
– O`Reilly MySQL Conference & Expo
(Presentation: Securing MySQL with a Focus on SSL)
If you have questions about items in the above list, or would like more information on yaSSL products, please contact directly at firstname.lastname@example.org, or through our support forums (http://wolfssl.com/forums).
The yaSSL crew believes that keeping our users up to date on company and product news is very important. With this in mind, we have tried to offer many forms and outlets for you to follow our news. Currently, you can read our news and keep up to date in any of the following ways:
1. Reading the yaSSL Blog – News directly from the source
2. Follow us on Twitter – http://twitter.com/wolfSSL
3. Like us on Facebook – http://www.facebook.com/pages/YaSSL/147081235315602
4. Use the yaSSL Blog RSS Feed in your favorite RSS reader – http://www.wolfssl.com/feed
5. Follow us on LinkedIn – https://www.linkedin.com/company/wolfssl/
If there is a different method that you think would be more beneficial for you to receive our news, please let us know, and we’ll think about implementing it. As always, we love to hear feedback from our users about our products, website, or news we’ve posted. Please send any comments or suggestions to email@example.com.
The yaSSL Team