Hello!
On Tue, Jul 12, 2011 at 01:39:33AM -0400, davidkazuhiro wrote:
> Wait I'm confused... how do you know these tests were done with EDCHE
> ciphers?
This is just a guess based on ciphers OpenSSL 1.0.0d prefers by
default when working with nginx and stunell.
> And if they were, how did he do them if nginx doesn't support
> EDCHE?
Forcing cipher to be what equally supported by all programs
tested. Good testing programs even have switches to specify that.
:)
E.g. numbers are from virtual machine on my poor old P4 laptop,
stunnel passing connections to nginx, using cipher as selected by
my browser during real work:
$ http_load -cipher CAMELLIA256-SHA -parallel 10 -seconds 10 stunnel
540 fetches, 10 max parallel, 23220 bytes, in 10.008 seconds
43 mean bytes/connection
53.9568 fetches/sec, 2320.14 bytes/sec
msecs/connect: 2.12899 mean, 24.401 max, 0.196 min
msecs/first-response: 105.195 mean, 414.064 max, 23.386 min
HTTP response codes:
code 200 -- 540
And here is nginx proxy_pass'ing to itself, same cipher:
$ http_load -cipher CAMELLIA256-SHA -parallel 10 -seconds 10 nginx
766 fetches, 10 max parallel, 32938 bytes, in 10.0081 seconds
43 mean bytes/connection
76.538 fetches/sec, 3291.13 bytes/sec
msecs/connect: 1.62532 mean, 22.692 max, 0.262 min
msecs/first-response: 79.0284 mean, 239.204 max, 21.643 min
HTTP response codes:
code 200 -- 766
And as a reference point, direct requests to non-ssl nginx (used
as backend in both tests above):
$ http_load -parallel 10 -seconds 10 nossl
7536 fetches, 10 max parallel, 324048 bytes, in 10.0008 seconds
43 mean bytes/connection
753.542 fetches/sec, 32402.3 bytes/sec
msecs/connect: 0.70163 mean, 30.059 max, 0.02 min
msecs/first-response: 6.044 mean, 48.126 max, 0.281 min
HTTP response codes:
code 200 -- 7536
So you may see nginx is a bit faster than stunnel when
CAMELLIA256-SHA cipher used. On the other hand, using default
ciphers would produce something like this:
$ http_load -parallel 10 -seconds 10 stunnel
243 fetches, 10 max parallel, 10449 bytes, in 10.0243 seconds
43 mean bytes/connection
24.2411 fetches/sec, 1042.37 bytes/sec
msecs/connect: 2.03381 mean, 18.384 max, 0.188 min
msecs/first-response: 239.767 mean, 628.098 max, 68.431 min
HTTP response codes:
code 200 -- 243
(actually used cipher: ECDHE-RSA-AES256-SHA)
$ http_load -parallel 10 -seconds 10 nginx
144 fetches, 10 max parallel, 6192 bytes, in 10.0126 seconds
43 mean bytes/connection
14.3818 fetches/sec, 618.418 bytes/sec
msecs/connect: 1.44656 mean, 12.673 max, 0.427 min
msecs/first-response: 395.734 mean, 836.928 max, 124.105 min
HTTP response codes:
code 200 -- 144
(actually used cipher: DHE-RSA-AES256-SHA)
Here you can see that ECDHE cipher is about 2x times faster
compared to DHE. I believe this is what actually was observed by
author of test you've referenced. Both are 3x times slower than
CAMELLIA256-SHA as shown above though.
And again, disclaimer: all of the above tests ssl handshaking
speeds, not real https workload. Real workloads are expected
to be much different.
Maxim Dounin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx