Extra TLS Latency from Loading Root Certificates

[bmteller]

Brief summary

The first time root certificates are loaded in OSX it takes a long time to parse them (> 100ms) and this time will appear as part of http_req_tls_handshaking. The certificates can be forced to load by running: x509.SystemCertPool() somewhere in the code before benchmarking.

k6 version

k6 v0.36.0 ((devel), go1.17.6, darwin/amd64)

OS

macOS 10.15.7

Docker version and image (if applicable)

No response

Steps to reproduce the problem

import http from 'k6/http';

export default function () {

  const response = http.get('https://www.google.com');

}

k6 run -i 1 test.js

     http_req_tls_handshaking.......: avg=138.26ms min=138.26ms med=138.26ms max=138.26ms p(90)=138.26ms p(95)=138.26ms

this should take around <30ms on my machine.

k6 run -i 2 --no-connection-reuse test.js

     http_req_tls_handshaking.......: avg=80.18ms  min=12.71ms med=80.18ms  max=147.65ms p(90)=134.15ms p(95)=140.9ms

we can see when running two requests the first one took 147ms and second one took 12.71ms.

Expected behaviour

The first HTTPS request shouldn't stall because of client side certificate parsing of the root certificates.

Actual behaviour

The first HTTPS request stalls because of client side certificate parsing of the root certificates.

[mstoykov]

This seems like a nice small reasonable change @bmteller :tada:. Thanks for reporting it.

Do you want to try to make a PR for it?

[tbourrely]

Hey 🙂,

I can help with that if not already done !

[mstoykov]

Hi @tbourrely, nobody has picked it up. If it was done we would've closed the issue ;)