A natural question to ask after the previous post is “how much overhead does security add?” So I’ve benchmarked the three methods discussed; mutual TLS, server-side TLS, and no encryption. The results are below:
Here are the numeric results for one of the runs:
BenchmarkMutualTLS-8 200 9331850 ns/op
BenchmarkServerTLS-8 300 5004505 ns/op
BenchmarkInsecure-8 2000 1179252 ns/op
PASS
ok github.com/bbengfort/sping 7.364s
Here is the code for the benchmarking for reference:
var (
server *PingServer
client *PingClient
)
func BenchmarkMutualTLS(b *testing.B) {
logmsgs = false
server = NewServer()
client = NewClient("tester", 100, 8)
go server.ServeMutualTLS(50051)
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := client.PingMutualTLS("localhost:50051")
if err != nil {
fmt.Println(err)
break
}
}
}
It’s all pretty straight forward, the other two functions use server.ServeTLS
and server.ServeInsecure
for the server side and client.PingTLS
and client.PingInsecure
for the client. The only note is that because the server is running throughout the tests, each benchmark runs with a different port number.