I post this question here because I suppose this also concerns opensearch.
I noticed some strange behavior when multiple clients (like a service scaled up by the autoscaler in kubernetes) connects to a elasticsearch/opendistro cluster. The connections were accepted slowly and were eventually rejected because of the full tcp backlog. After some investigation I noticed that connections using client certificates are slower established compared to the ones without client certificate.
A small test script visualizes the difference. It tries to establish 5000 connections, sends /_cluster/health every 15 seconds and timeouts and then retries after 5 seconds (‘ok’ means /_cluster/health request was successful, ‘connections’ are established connections)
Is this due to a configuration error? Can the behaviour be improved?