
Re: benchmarking mod_gnutls vs mod_ssl


From: Simon Josefsson
Subject: Re: benchmarking mod_gnutls vs mod_ssl
Date: Mon, 10 Mar 2008 10:41:07 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

"Paul Querna" <address@hidden> writes:

>> One interesting behaviour I noticed when running the tests was that with
>> mod_ssl, the exchanged TCP packets as seen in wireshark were:
>>
>> -> client hello
>> <- server hello, certificate, server key exchange, server hello done
>> -> client key exchange, change cipher spec, encrypted handshake message
>> <- change cipher spec, encrypted handshake message
>> ...
>>
>> but with gnutls we have:
>>
>> -> client hello
>> <- server hello
>> <- certificate
>> <- server key exchange
>> <- server hello done
>> -> client key exchange, change cipher spec, encrypted handshake message
>> <- change cipher spec
>> <- encrypted handshake message
>>
>> In other words, gnutls sends each TLS packet in a separate TCP packet.
>> This may have some impact on performance, but it is too early to tell
>> for sure.
>
> This might be a bug in mod_gnutls -- we might want to add some smarter
> buffering / picking when we do a flush(). Right now I believe we try to
> flush every time gnutls says there is data to send.

Hm, yes, perhaps mod_gnutls could do some buffering.  Or gnutls could do
it internally.

> It also would be nice if the gnutls API had a better way to say "flush",
> rather than just "here is data", although the current API is simple :-)

Aren't there options in the kernel TCP interface to delay sending
packets for some time, to wait for more data that could also be sent in
the same packet?  I have some vague memory about this.

/Simon
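The buffering the thread is circling around can be shown in a few lines. The following is an added illustration, not code from gnutls or mod_gnutls: a transport "push" layer that queues TLS records and emits them with one write per handshake flight, next to the one-write-per-record behaviour Wireshark showed. The write is simulated by a counter and a capture buffer so it runs offline; the record bodies are constructed placeholders, not real handshake messages. (The kernel knob Simon is thinking of exists: Linux TCP_CORK holds partial segments until uncorked, and Nagle's algorithm, which TCP_NODELAY disables, delays small segments while data is unacknowledged. Either hides the symptom; application-level coalescing, as below, is independent of both.)

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration (not gnutls or mod_gnutls code): queue several TLS
 * records and hand them to the transport in one write, instead of one
 * write per record.  The transport write is simulated. */

#define BUF_MAX 4096

struct sink {
    unsigned char out[BUF_MAX];   /* captured "wire" bytes */
    size_t out_len;
    int writes;                   /* number of simulated write(2) calls */
};

struct coalescer {
    unsigned char buf[BUF_MAX];
    size_t len;
    struct sink *sink;
};

/* Simulated transport write; in a real push callback this would be send(2). */
static int sink_write(struct sink *s, const unsigned char *p, size_t n) {
    if (s->out_len + n > BUF_MAX) return -1;
    memcpy(s->out + s->out_len, p, n);
    s->out_len += n;
    s->writes++;
    return 0;
}

/* Push: queue the record; nothing reaches the transport yet. */
static int push(struct coalescer *c, const unsigned char *p, size_t n) {
    if (c->len + n > BUF_MAX) return -1;
    memcpy(c->buf + c->len, p, n);
    c->len += n;
    return 0;
}

/* Flush: one write for everything queued, e.g. at the end of a flight. */
static int flush(struct coalescer *c) {
    if (c->len == 0) return 0;
    int rc = sink_write(c->sink, c->buf, c->len);
    c->len = 0;
    return rc;
}

/* Build a TLS record: 5-byte header (type, version, length) + opaque body.
 * The body is a constructed placeholder string, not a real handshake message. */
static size_t make_record(unsigned char *dst, uint8_t type, const char *body) {
    size_t n = strlen(body);
    dst[0] = type; dst[1] = 0x03; dst[2] = 0x01;   /* record-layer version 3.1 */
    dst[3] = (unsigned char)(n >> 8); dst[4] = (unsigned char)(n & 0xff);
    memcpy(dst + 5, body, n);
    return 5 + n;
}

/* Count TLS records in a captured byte stream by walking the record headers;
 * returns -1 if the stream does not end on a record boundary. */
static int count_records(const unsigned char *p, size_t n) {
    int count = 0; size_t off = 0;
    while (off + 5 <= n) {
        size_t body = ((size_t)p[off + 3] << 8) | p[off + 4];
        if (off + 5 + body > n) return -1;   /* truncated record */
        off += 5 + body; count++;
    }
    return off == n ? count : -1;
}

/* Send the server's first flight with or without coalescing; returns how
 * many simulated write calls it took.  The sink is reset on each call. */
static int send_server_flight(int coalesce, struct sink *s) {
    static const char *msgs[] = {
        "server hello", "certificate", "server key exchange", "server hello done"
    };
    struct coalescer c = { .len = 0, .sink = s };
    unsigned char rec[128];
    memset(s, 0, sizeof *s);
    for (int i = 0; i < 4; i++) {
        size_t n = make_record(rec, 22 /* handshake content type */, msgs[i]);
        if (coalesce) push(&c, rec, n); else sink_write(s, rec, n);
    }
    flush(&c);           /* no-op in the unbuffered case */
    return s->writes;
}

int main(void) {
    struct sink s;
    int w_plain = send_server_flight(0, &s);
    int r_plain = count_records(s.out, s.out_len);
    int w_coal  = send_server_flight(1, &s);
    int r_coal  = count_records(s.out, s.out_len);
    printf("unbuffered: %d writes carrying %d records\n", w_plain, r_plain);
    printf("coalesced:  %d writes carrying %d records\n", w_coal, r_coal);
    return 0;
}
```

The capture buffer holds the same four records either way; only the number of writes, and hence the number of TCP segments a packet trace would show, differs. The design point is where flush is called: once per flight (after "server hello done", and after "encrypted handshake message" in the last flight) rather than every time the library reports pending data.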