[Privoxy-devel] HTTPS inspection performance issue may delay the 3.0.34 release (was: Release date for Privoxy 3.0.34)

Fabian Keil fk at fabiankeil.de
Thu Jan 5 17:07:23 CET 2023 

Fabian Keil <fk at fabiankeil.de> wrote on 2022-12-31 at 15:04:15:

> Roland Rosenfeld <roland at spinnaker.de> wrote on 2022-12-30 at 14:53:34:
 
> > So if privoxy 3.0.34 is intended to be part of the Debian bookworm
> > release, it should be released soon (I'd like to upload it before end
> > of January).
> > Alternatively I can cherry pick some patches from GIT and merge it
> > into Debian 3.0.33 release but such an version may be confusing, since
> > the source of Debian 3.0.33 package is different from upstream 3.0.33
> > release...
> 
> I propose we release Privoxy 3.0.34 around 2023-01-15 in which
> case I'll try to tag and upload the source tarball on 2023-01-08.

I may have to delay the tagging as I discovered an issue with
HTTPS inspection but don't know yet if this is an old bug
or a recent regression:

I'm using listadmin [0] for some Mailman-related admin tasks
like discarding spam or approving mails.

Checking the status for 10 mailing lists with HTTPS inspection
enabled takes around 24 minutes which seems unreasonable but
I usually run listadmin in the background and thus may not have
noticed it earlier.

With HTTPS inspection disabled the process only takes about
a minute so it's more than twenty times faster.

I just checked with Slick-Little-Girl [0] and there's the same
problem. Checking loaned media with HTTPS inspection enabled
takes a bit more than a minute and without HTTPS inspection
it only takes about 20 seconds.

listadmin uses www/p5-libwww while Slick-Little-Girl
uses curl.

Both tools use both GET and POST requests and cookies.

I don't know yet if the issue also affects browsers as it's
less trivial to measure.

I'm currently using OpenSSL as TLS backend and haven't checked
if MbedTLS, LibreSSL and WolfSSL have the same issue.

So far I've only tested on ElectroBSD.

Unfortunately I don't have time to further look into this
until the weekend.

Fabian

[0] Website used to be <https://folk.universitetetioslo.no/kjetilho/hacks/#listadmin>
[1] <https://www.fabiankeil.de/gehacktes/slick-little-girl/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.privoxy.org/pipermail/privoxy-devel/attachments/20230105/3f427cbb/attachment.bin>

More information about the Privoxy-devel mailing list