benchmarking mod_gnutls vs mod_ssl
From: Simon Josefsson
Subject: benchmarking mod_gnutls vs mod_ssl
Date: Wed, 05 Mar 2008 17:47:57 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

All,

I've created a wiki page to explain how to benchmark mod_gnutls vs
mod_ssl with apache2 using only official debian packages.

http://trac.gnutls.org/cgi-bin/trac.cgi/wiki/BenchmarkingModGnuTLS

The initial results place mod_gnutls at 50-75% of the performance of
mod_ssl, which was higher than what I would have guessed. We haven't
done any organized optimizations.

Results from other architectures or operating systems are very welcome.
Just add the output at the end of the page, under a new 'Results from X'
heading.

One interesting behaviour I noticed when running the tests was that with
mod_ssl, the exchanged TCP packets as seen in wireshark were:

-> client hello
<- server hello, certificate, server key exchange, server hello done
-> client key exchange, change cipher spec, encrypted handshake message
<- change cipher spec, encrypted handshake message
...

but with gnutls we have:

-> client hello
<- server hello
<- certificate
<- server key exchange
<- server hello done
-> client key exchange, change cipher spec, encrypted handshake message
<- change cipher spec
<- encrypted handshake message

In other words, gnutls sends each TLS packet in a separate TCP packet.
This may have some impact on performance, but it is too early to tell
for sure.

/Simon
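
The difference between the two traces above can be checked mechanically by walking the TLS record headers inside each TCP payload. The following is an added example, not part of the original message or of either module's code; the helper names and the segment bytes are constructed for illustration (dummy message bodies, TLS 1.0 version field assumed), and it labels one direction of a handshake per segment.

```python
import struct

HANDSHAKE = {1: "client hello", 2: "server hello", 11: "certificate",
             12: "server key exchange", 14: "server hello done", 16: "client key exchange"}

def record(ctype, body, version=0x0301):
    """Build one TLS record: type(1) version(2) length(2) body. Constructed data."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

def hs(msg_type, body_len=4):
    """Handshake record carrying one dummy handshake message: type(1) length(3) body."""
    return record(22, bytes([msg_type]) + body_len.to_bytes(3, "big") + bytes(body_len))

def describe_segment(payload, encrypted=False):
    """Return (labels, encrypted) for the TLS records found in one TCP payload."""
    labels, off = [], 0
    while off + 5 <= len(payload):
        ctype, _version, length = struct.unpack_from("!BHH", payload, off)
        body = payload[off + 5: off + 5 + length]
        if len(body) < length:
            # Record spans into the next segment; a real tool would reassemble the stream.
            labels.append("truncated record")
            break
        if ctype == 22 and encrypted:
            labels.append("encrypted handshake message")  # body is opaque after CCS
        elif ctype == 22:
            pos = 0
            while pos + 4 <= len(body):  # one record may hold several messages
                labels.append(HANDSHAKE.get(body[pos], f"handshake type {body[pos]}"))
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
        elif ctype == 20:
            labels.append("change cipher spec")
            encrypted = True
        else:
            labels.append(f"content type {ctype}")
        off += 5 + length
    return labels, encrypted

def describe_flight(segments):
    """Label every TCP segment sent in one direction, carrying the CCS state forward."""
    out, enc = [], False
    for seg in segments:
        labels, enc = describe_segment(seg, enc)
        out.append(labels)
    return out

# Constructed server-to-client segments mirroring the two traces in the message.
FIN = record(22, bytes(16))  # opaque stand-in for the encrypted Finished message
COALESCED = [hs(2) + hs(11) + hs(12) + hs(14), record(20, b"\x01") + FIN]
SPLIT = [hs(2), hs(11), hs(12), hs(14), record(20, b"\x01"), FIN]
```

On these constructed inputs the same six server-side records occupy two segments in the coalesced case and six in the split case, which is the per-handshake packet overhead the message refers to.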