benchmarking mod_gnutls vs mod_ssl

Simon Josefsson simon at
Mon Mar 10 12:48:50 CET 2008

Nikos Mavrogiannopoulos <nmav at> writes:

> Simon Josefsson wrote:
>> All,
>> Results from other architectures or operating systems are very welcome.
>> Just add the output at the end of the page, under a new 'Results from X'
>> heading.
> Hello,
>  I've added results from an AMD64x2 cpu.


> The performance of gnutls is dramatically better. For a small file
> (5k) and DHE-RSA ciphersuites the performance is equivalent. For the
> plain RSA ciphersuite the performance is still low (about 40% of the
> openssl performance).
> For a larger (300k) file the performance for both ciphersuites is
> exactly the same.
> So it seems libgcrypt is quite optimized in amd64... However there
> seems to be some overhead in the plain RSA ciphersuites that affects
> performance when the number of transactions increases (the first case
> with the small file). Possibly the RSA blinding...

Yeah, or the TCP stack becomes the bottleneck since gnutls sends more
packets than mod_ssl.  Although this needs more investigation, my guess
is that the TCP overhead for another packet is pretty small.  Especially
when run on localhost.

>> One interesting behaviour I noticed when running the tests was that with
>> mod_ssl, the exchanged TCP packets as seen in wireshark were:
> [...]
>> In other words, gnutls sends each TLS packet in a separate TCP packet.
>> This may have some impact on performance, but it is too early to tell
>> for sure.
> This could also affect the first case where a small file is sent and
> many transactions occur per second.



More information about the Gnutls-devel mailing list