I totally see this problem on my lambdas too. I had to revert from Python 3.12 to 3.11 so the underlying system is AL2 again. My metrics are pretty much the same as yours. I had an increase in connection time from about 300ms to 900ms.
In my investigation, this is caused not by Lambda but Amazon Linux 2023.
When I use this image for Python 3.12 or the 2023 version of the official Amazon Linux image, my static code analysis task, which takes only 3 seconds on the Amazon Linux 2 version of the official Amazon Linux image, takes 20 seconds, which is not useful in development.
There is a noticeable degradation in performance regarding operations that load SSL certificates (like creating an https connection) in Lambda runtimes running on Amazon Linux 2023 in comparison to runtimes that run on Amazon Linux 2.
The issue can easily be reproduced with the following python snippet:
Executing the function with python 3.12 runtime (128M of allocated memory) results in an execution time similar to
and in comparison the same but running with the python 3.11 runtime
So creating an HTTPSConnection in Amazon Linux 2023 is ~2-3 times slower than on Amazon Linux 2.
To narrow it down, the function calls made when creating a new HTTPSConnection are:
ssl.SSLContext with ssl._create_default_https_context (which is an alias to ssl.create_default_context)
ssl._create_default_https_context then calls ssl.SSLContext.set_default_verify_paths
ssl.SSLContext.set_default_verify_paths is a wrapper around OpenSSL SSL_CTX_set_default_verify_paths where all the certificate loading happens
If python's ssl.get_default_verify_paths() is to be trusted then the certificates should be loaded from
both, SSL_CERT_FILE, and SSL_CERT_DIR are unset and /etc/pki/tls/certs only contains
this seems to be pretty much identical in Amazon Linux 2023 and Amazon Linux 2.
the number of certificates in /etc/ssl/certs however is different with Amazon Linux 2 containing only the two above certificates but Amazon Linux 2023 containing ~400. not sure though if (or how) these certificates are considered.
Note, this issue doesn't only happen in the python runtime but the degradation in performance can be observed in other runtimes (at least for Node 20) and for external Lambda extensions (e.g. some go extension that uses/creates an https connection) as well.
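A diagnostic for the call chain described in the issue above, as an added example that is not part of the original issue or of any AWS code: it reports what ssl.get_default_verify_paths() resolves to and times ssl.create_default_context() with certificate verification left at its default. The function names verify_path_report and time_default_context are hypothetical.

```python
import os
import ssl
import time


def verify_path_report():
    """Return where OpenSSL will look for trust anchors, and how much is there."""
    paths = ssl.get_default_verify_paths()
    report = {
        "SSL_CERT_FILE": os.environ.get("SSL_CERT_FILE"),
        "SSL_CERT_DIR": os.environ.get("SSL_CERT_DIR"),
        "cafile": paths.cafile,   # None when the bundle file does not exist
        "capath": paths.capath,   # None when the directory does not exist
        "cafile_bytes": None,
        "capath_entries": None,
    }
    if paths.cafile and os.path.isfile(paths.cafile):
        report["cafile_bytes"] = os.path.getsize(paths.cafile)
    if paths.capath and os.path.isdir(paths.capath):
        report["capath_entries"] = len(os.listdir(paths.capath))
    return report


def time_default_context(runs=5):
    """Time ssl.create_default_context() and count the CA certs it loaded."""
    timings_ms = []
    for _ in range(runs):
        start = time.perf_counter()
        ctx = ssl.create_default_context()  # calls set_default_verify_paths
        timings_ms.append((time.perf_counter() - start) * 1000.0)
    return {
        "first_ms": timings_ms[0],   # includes cold file-system reads
        "best_ms": min(timings_ms),
        # Certificates from the bundle file are parsed eagerly; entries in
        # the capath directory are only read on demand during a handshake.
        "x509_ca_loaded": ctx.cert_store_stats()["x509_ca"],
        "verify_mode": ctx.verify_mode,
    }


if __name__ == "__main__":
    for key, value in verify_path_report().items():
        print(f"{key:>15}: {value}")
    for key, value in time_default_context().items():
        print(f"{key:>15}: {value}")
```

Running it in both runtimes with the same memory setting gives a side-by-side view of bundle size, loaded CA count and context creation time.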