Mariadb Performance : Openssl and wolfssl

Why this SSL performance assessment of Mariadb ?

My first objective was to assess new openssl 3.5 or 3.6 and see whether it's improving for Mariadb  or not and second , I could not find any comparative analysis of ssl for Mariabd in public space.

Earlier in MySQL, I had done exhaustive assessment of  wolfssl and openssl's different version so thought of doing some against Mariadb which is another popular database and moving fast in db ranking.

I used  memory bound test and sysbench's point-select without prepared statement to stress TLS layer the most. Another test , I picked is connect/disconnect which fires point-select query for each connection like PHP and this also stressess TLS layer the most.

Key Findings

  • In case of sysbench's point-select query like "SELECT c FROM sbtest1 WHERE id = 12345;" , wolfssl (5.8.4 default) is the best. openssl-1.1.1l/3.0.19/3.5.5/3.6.1 are less upto 9% wrt wolfssl.
  • In case of sysbench's point-select query like "SELECT c FROM sbtest1 WHERE id = 12345;" with connect and disconnet for each query , openssl-1.1.1l is the best and better by 17% wrt wolfssl. 
  • 3.0.19/3.5.5/3.6.1 are still less upto 2-3% wrt 1.1.1l and it might be different case with different kernel and hardware but  I have not seen drastic difference between openssl versions , I tested on my 6 core ubuntu 24.0 laptop.

The below table will summarize in better way the differences







point-select, memory bound, workload 

Buffer-Pool:2 GB, data:1 gb - 8 table x 0.5 million rows so this is memory bound where data fits into buffer-pool

test notes: no prepared-statement in sysbench , tcp and local loopback 127.0.0.1 used. it's memory bound test to stress mostly cpu and TLS layer.

Observations:

  •  wolfssl seems to be the best in term of tps.
  •  CPU% fully saturated by 16 threads on this 6 core ubuntu 24.0 laptop.
  •  In case of openssl 1.1.1l seems to better than other 3.0.19/3.5.5/3.6.1 .
  •  I ran warmup test with 4 threads for 200 sec before actaully running tests with threads=1,4,8,16 .
  •  Checked the connections using PFS query "SELECT CONNECTION_TYPE from performance_schema.thread" all were using SSL.
  •  I looked into global variables "VERSION_SSL_LIBRARY"  and pldd `pidof mariadb` to confirm ssl lib being used.
  • I used TAF for running test and used dim_stat for monitoring





The table below shows drop in openssl-x.x.x  wrt wolfssl:




The below graph shows  trends of selects/sec, sessions and cpu% uage:





Why this matters:
  • If you are upgrading your kernel and your Mariadb is using openssl then which version of openssl impacts the performance and by how much, you should be knowing. In case your traffic is higly read-only and using SSL then you know upfront whether tps will be bad or good for the system's openssl.

connect/disconnect, memory bound,workload

Buffer-Pool:2 GB, data:1 gb - 8 table x 0.5 million rows so this is memory bound where data fits into buffer-pool

test notes: no prepared-statement in sysbench , tcp and local loopback 127.0.0.1 used. it's memory bound test to stress mostly cpu and TLS layer. root#sysctl -w net.ipv4.tcp_tw_reuse="1" root#sysctl -w net.ipv4.tcp_max_tw_buckets="2048", used to avoid running out of tcp socket


Observations:
  • openssl-1.1.1l seems to be the best and wolfssl seems to be the worst.
  • CPU% fully saturated by 16 threads on this 6 core ubuntu 24.0 laptop.

  • In case of openssl 1.1.1l seems to better than other 3.0.19/3.5.5/3.6.1 but 3.x.x are not far behiond and may be on higher core , we will more difference in openssl-3.x.x .

  • I ran warmup test with 4 threads for 200 sec before actaully running tests with threads=1,4,8,16 .

  • Checked the connections using PFS query "SELECT CONNECTION_TYPE from performance_schema.thread" all were using SSL.


The table below shows drop in wolfss/openssl-3.x.x wrt openssl-1.1.1l



Why this matters:
  • If you have PHP based application and you are upgrading kernel which means your system openssl might be upgraded too. In that case , if your Mariadb server is using openssl then read-query with ssl , may be impacted postively or negatively. This you will be knowing based on  your performance assessment of Mariadb server not by openssl's published microbenchmarking results.

Misc

TAF usage

I used  TAF  framework and selected BMK ( sysbench-lua version to test) . Sample test comand shared, below:

perl ./taf.pl --prop=/home/amrendra/projects/mariadb-openssl/sysbench_lua.tcp.ps.properties --action=init-start-db-run-tests   --verbose --skip-client-builds  --db-software-install-dir=/home/amrendra/TAF/database_software_installs/mariadb-13.0.1-linux-x86_64-ssl-${openssl_version} --environment-variables="LD_PRELOAD;${libpath}/libssl.so:${libpath}/libcrypto.so" --ignore-running-db-process --exec-sql-file-before-test-setup=/home/amrendra/TAF/scripts/sql/mariadb/status/global_variables_dump.sql --include-warmup-iteration

In TAF installation , you can find  readymade property file: <TAF installation>/properties/mariadb/beta/sysbench_lua.properties

I did few changes like ,sysbench_lua.use_bmk=true  taf.iterations=1 , taf.threads=1,4,8,16  taf.warmup_threads=4 sysbench_lua.number_of_rows=500000 taf.db_clients_use_unix_socket=false sysbench_lua.db_ps_mode=disable sysbench_lua.bmk_mysql_ssl=REQUIRED

You can refer, taf_usage.txt document in TAF to know TAF options and I encourage people to try out

After the test runs are done, I generated report in html format . like this

#perl ResultsCompareRaw.pl /home/amrendra/TAF/archive/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_CONNECT_init-start-db-run-tests_2026_5_22_15_20_22/amrendra-HP-255R-15-6-
inch-G10-Notebook-PC_mariadb_sysbench-lua_CONNECT_20260522_152022.raw.txt /home/amrendra/TAF/archive/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_CONNECT_init-start-db-run-tests_2026_5_22_15_47_22/amrendra-HP-255R-15-6-inch-G10-Notebook-P
C_mariadb_sysbench-lua_CONNECT_20260522_154722.raw.txt /home/amrendra/TAF/archive/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_CONNECT_init-start-db-run-tests_2026_5_22_16_14_23/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_mariadb_sysbench-
lua_CONNECT_20260522_161423.raw.txt /home/amrendra/TAF/archive/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_CONNECT_init-start-db-run-tests_2026_5_22_16_41_23/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_mariadb_sysbench-lua_CONNECT_2026052
2_164123.raw.txt /home/amrendra/TAF/archive/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_CONNECT_init-start-db-run-tests_2026_5_22_17_08_22/amrendra-HP-255R-15-6-inch-G10-Notebook-PC_mariadb_sysbench-lua_CONNECT_20260522_170822.raw.txt ..
/

 This generated report : CONNECT_20260522_171155.chartplus_testinfo.html  and I pasted above the screenshot of it.

Downloadeded source  from openssl and compiled locally like below:

cd /home/amrendra/sw/openssl-1.1.1l
./config --prefix=/opt/openssl-1.1.1l  --openssldir=/opt/openssl-1.1.1l
make
sudo make install
cd /home/amrendra/sw/openssl-3.0.19
./config --prefix=/opt/openssl-3.0.19  --openssldir=/opt/openssl-3.0.19
make
sudo make install
cd /home/amrendra/sw/openssl-3.5.5
./config --prefix=/opt/openssl-3.5.5  --openssldir=/opt/openssl-3.5.5
make
sudo make install

Compiled latest mariadb  locally on my ubuntu 24.0

#cmake for mariadb
cmake -S "$SRC" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=bundled
cmake -S "$SRC" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=OPENSSL -DOPENSSL_ROOT_DIR=/opt/openssl-1.1.1l
cmake -S "$SRC" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=OPENSSL -DOPENSSL_ROOT_DIR=/opt/openssl-3.0.19
cmake -S "$SRC" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=/opt/openssl-3.5.5 -DOPENSSL_ROOT_DIR=/opt/openssl-3.5.5
cmake -S "$SRC" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DWITH_SSL=/opt/openssl-3.5.5 -DOPENSSL_ROOT_DIR=/opt/openssl-3.6.1
cmake --build -- -j3
cpack -G TGZ

#mariadb commit
commit c8e8d33309606e682c98675d594dbd23ebc2ddf6 (HEAD -> main, origin/main

#started mariadb with preloaded compiled libs of openssl otherwise, it was taking system's openssl lib

#Preloaded openssl compiled version
LD_PRELOAD;${libpath}/libssl.so:${libpath}/libcrypto.so ,   as mentioned aboove in TAF command

Mariadb config

Mariadb config used : mariadb_simple_2gbp.cnf , which is there in TAF

[mysqld]

max_connections=200

open_files_limit=65535

table_open_cache=2048

thread_cache_size=128

# Innodb

innodb_buffer_pool_size=2G

innodb_log_file_size=512M

innodb_flush_method=O_DIRECT

innodb_file_per_table=1

innodb_flush_neighbors=0

innodb_read_io_threads=4

innodb_write_io_threads=4

# ---------------------------------------------------------------------------

# innodb_snapshot_isolation

# Controls whether InnoDB enables full snapshot isolation.

# ---------------------------------------------------------------------------

innodb_snapshot_isolation=0

performance_schema=ON

innodb_monitor_enable='%'





 


 


Comments

Post a Comment

Popular posts from this blog

MySQL- Crash Recovery Performance Assessment

Why we need to assess the performance of   crash recovery in MySQ and here is my explanation:  It’s not just WLs or bug fixes — any change in redo format or code changes around it, flushing behavior, or recovery concurrency can silently slow things down and if you have huge volume of data to recover than it could be painful. MySQL errorlog is the best place to look into details like whats happening during recovery and which phase of recovery is time consuming. Basically , I measured the recovery  timing  - from “Starting crash recovery” to “Apply batch completed , in MySQLD error log. Refer this about recovery in Innodb here: https://dev.mysql.com/doc/refman/8.4/en/innodb-recovery.html#innodb-crash-recovery Let me share some of my hack to measure the time taken for crash-recovery experiment. 1.  I used ` innodb_checkpoint_disabled ` which is strictly a testing mechanism. It forces maximum redo accumulation and doesn’t reflect real‑world recovery .   in...
Read more

PGO in MySQL community 9.7

Image
  PGO ( Profile-guided optimization) in mysql community edition of 9.7.0 -------------------------------------------------------------------------------------------------------------------------- Straightforward ,  30% gain   we have seen in eneterprise edition of mysql   in read only sysbench test like point-select ( memory bound) .  I am curious to know whether similar gain , we see in pgo community build and what kind of test cases it use to train data? If pgo in community edition gives 30 percentage gain then it makes sense to use this feature by many other databases based on MySQL because it comes free without doing any extra tuning of mysqld config. As you can see,9.7.0 gives better performance wrt 9.6.0 and it's because of just pgo being put in. I referred INFO_BIN and 9.7 has fprofile compiler option whereas 9.6.0 doesn't have So, far I have seen release notes and I know, there is no other major changes would have contributed such gain. Its go...
Read more