gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: benchmarking mod_gnutls vs mod_ssl


From: Simon Josefsson
Subject: Re: benchmarking mod_gnutls vs mod_ssl
Date: Mon, 10 Mar 2008 12:48:50 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> Simon Josefsson wrote:
>> All,
>>
>> Results from other architectures or operating systems are very welcome.
>> Just add the output at the end of the page, under a new 'Results from X'
>> heading.
> Hello,
>  I've added results from an AMD64x2 cpu.

Thanks.

> The performance of gnutls is dramatically better. For a small file
> (5k) and DHE-RSA ciphersuites the performance is equivalent. For the
> plain RSA ciphersuite the performance is still low (about 40% of the
> openssl performance).
>
> For a larger (300k) file the performance for both ciphersuites is
> exactly the same.
>
> So it seems libgcrypt is quite optimized in amd64... However there
> seems to be some overhead in the plain RSA ciphersuites that affects
> performance when the number of transactions increases (the first case
> with the small file). Possibly the RSA blinding...

Yeah, or the TCP stack becomes the bottleneck since gnutls sends more
packets than mod_ssl.  Although this needs more investigation, my guess
is that the TCP overhead for another packet is pretty small.  Especially
when run on localhost.

>> One interesting behaviour I noticed when running the tests was that with
>> mod_ssl, the exchanged TCP packets as seen in wireshark were:
> [...]
>> In other words, gnutls sends each TLS packet in a separate TCP packet.
>> This may have some impact on performance, but it is too early to tell
>> for sure.
>
> This could also affect the first case where a small file is sent and
> many transactions occur per second.

Exactly.

/Simon




reply via email to

[Prev in Thread] Current Thread [Next in Thread]