Welcome! Log In Create A New Profile

Advanced

Re: SSL slow on nginx

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
July 01, 2014 09:52AM
Hello!

On Tue, Jul 01, 2014 at 03:10:07AM -0400, khav wrote:

> Thanks Maxim and GreenGecko for the insights
>
>
> The worker process does match my number of cpu cores (running on 8 cores
> atm)

Good. It may be also good idea to make sure you don't have
multi_accept enabled, just in case.

> How can i know the number of handshakes per seconds occurring on the
> server

First of all, count the number of connections per second (and
requests per second) - it should be trivial, and may be extracted
even with nginx stub_status module. I would generally recommend
using logs though. With logs, you should be also able to count
number of uncached handshakes - by using $ssl_session_reused
variable and the $connection_requests one.

See here:

http://nginx.org/r/$ssl_session_reused
http://nginx.org/r/$connection_requests
http://nginx.org/r/log_format

> The openssl speed result have been posted on http://pastebin.com/hNeVhJfa
> for readability

So, basically, your server is able to do about 800 plain RSA
handshakes per second per core, 6400 handshakes total.

But as previously noted, things can be very much worse with DH
ciphers, especially if you are using 2048 bit dhparams (or
larger).

> If you can suggest "faster ciphers" with same level of compatibility , i
> would be awesome

It may be good idea to disable DH regardless of the level of
compatibility. It's just too slow.

> Will a faster cpu actually solve the issue ?
> My cpu load never reached a value > 0.50 as far as i know and average is
> like 0.30

You mean - 50% CPU usage across all CPUs? That's looks high
enough, though not critical. But it may be a good idea to look
into per-CPU stats, as well as per process CPU usage.

Note well, CPU is a bottleneck I assumed based on few external
tests. It may not be a CPU, but, e.g., a packet loss somewhere.
And, as I already said, numbers shown by Pingdom are close to
theoretical minimum, and I don't think there is much room for
improvement. The one extra RTT probably deserves investigation,
but I can't say it's an "issue" - it might be even legitimate.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

SSL slow on nginx

khav June 28, 2014 01:14AM

Re: SSL slow on nginx

GreenGecko June 29, 2014 03:08AM

Re: SSL slow on nginx

Maxim Dounin June 30, 2014 06:42PM

Re: SSL slow on nginx

khav July 01, 2014 03:10AM

Re: SSL slow on nginx

Maxim Dounin July 01, 2014 09:52AM

Re: SSL slow on nginx

khav July 01, 2014 11:00AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 206
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready