Welcome! Log In Create A New Profile

Advanced

Re: nginx ssl slow

Maxim Dounin
July 12, 2011 05:12AM
Hello!

On Tue, Jul 12, 2011 at 01:39:33AM -0400, davidkazuhiro wrote:

> Wait I'm confused... how do you know these tests were done with EDCHE
> ciphers?

This is just a guess based on ciphers OpenSSL 1.0.0d prefers by
default when working with nginx and stunell.

> And if they were, how did he do them if nginx doesn't support
> EDCHE?

Forcing cipher to be what equally supported by all programs
tested. Good testing programs even have switches to specify that.
:)

E.g. numbers are from virtual machine on my poor old P4 laptop,
stunnel passing connections to nginx, using cipher as selected by
my browser during real work:

$ http_load -cipher CAMELLIA256-SHA -parallel 10 -seconds 10 stunnel
540 fetches, 10 max parallel, 23220 bytes, in 10.008 seconds
43 mean bytes/connection
53.9568 fetches/sec, 2320.14 bytes/sec
msecs/connect: 2.12899 mean, 24.401 max, 0.196 min
msecs/first-response: 105.195 mean, 414.064 max, 23.386 min
HTTP response codes:
code 200 -- 540

And here is nginx proxy_pass'ing to itself, same cipher:

$ http_load -cipher CAMELLIA256-SHA -parallel 10 -seconds 10 nginx
766 fetches, 10 max parallel, 32938 bytes, in 10.0081 seconds
43 mean bytes/connection
76.538 fetches/sec, 3291.13 bytes/sec
msecs/connect: 1.62532 mean, 22.692 max, 0.262 min
msecs/first-response: 79.0284 mean, 239.204 max, 21.643 min
HTTP response codes:
code 200 -- 766

And as a reference point, direct requests to non-ssl nginx (used
as backend in both tests above):

$ http_load -parallel 10 -seconds 10 nossl
7536 fetches, 10 max parallel, 324048 bytes, in 10.0008 seconds
43 mean bytes/connection
753.542 fetches/sec, 32402.3 bytes/sec
msecs/connect: 0.70163 mean, 30.059 max, 0.02 min
msecs/first-response: 6.044 mean, 48.126 max, 0.281 min
HTTP response codes:
code 200 -- 7536

So you may see nginx is a bit faster than stunnel when
CAMELLIA256-SHA cipher used. On the other hand, using default
ciphers would produce something like this:

$ http_load -parallel 10 -seconds 10 stunnel
243 fetches, 10 max parallel, 10449 bytes, in 10.0243 seconds
43 mean bytes/connection
24.2411 fetches/sec, 1042.37 bytes/sec
msecs/connect: 2.03381 mean, 18.384 max, 0.188 min
msecs/first-response: 239.767 mean, 628.098 max, 68.431 min
HTTP response codes:
code 200 -- 243

(actually used cipher: ECDHE-RSA-AES256-SHA)

$ http_load -parallel 10 -seconds 10 nginx
144 fetches, 10 max parallel, 6192 bytes, in 10.0126 seconds
43 mean bytes/connection
14.3818 fetches/sec, 618.418 bytes/sec
msecs/connect: 1.44656 mean, 12.673 max, 0.427 min
msecs/first-response: 395.734 mean, 836.928 max, 124.105 min
HTTP response codes:
code 200 -- 144

(actually used cipher: DHE-RSA-AES256-SHA)

Here you can see that ECDHE cipher is about 2x times faster
compared to DHE. I believe this is what actually was observed by
author of test you've referenced. Both are 3x times slower than
CAMELLIA256-SHA as shown above though.

And again, disclaimer: all of the above tests ssl handshaking
speeds, not real https workload. Real workloads are expected
to be much different.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx ssl slow

davidkazuhiro July 11, 2011 08:45PM

Re: nginx ssl slow

Maxim Dounin July 12, 2011 12:16AM

Re: nginx ssl slow

davidkazuhiro July 12, 2011 01:39AM

Re: nginx ssl slow

davidkazuhiro July 15, 2011 01:57AM

Re: nginx ssl slow

Igor Sysoev July 12, 2011 02:24AM

Re: nginx ssl slow

Mark Maunder July 12, 2011 04:00AM

Re: nginx ssl slow

Maxim Dounin July 14, 2011 11:22AM

Re: nginx ssl slow

Adam Zell July 14, 2011 01:18PM

Re: nginx ssl slow

Bradley Falzon July 12, 2011 02:30AM

Re: nginx ssl slow

Maxim Dounin July 12, 2011 05:12AM

Re: nginx ssl slow

Maxim Dounin July 12, 2011 09:12AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 171
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready