benchmarking mod_gnutls vs mod_ssl

Nikos Mavrogiannopoulos nmav at
Mon Mar 10 12:53:05 CET 2008

Simon Josefsson wrote:

>> The performance of gnutls is dramatically better. For a small file
>> (5k) and DHE-RSA ciphersuites the performance is equivalent. For the
>> plain RSA ciphersuite the performance is still low (about 40% of the
>> openssl performance).
>> For a larger (300k) file the performance for both ciphersuites is
>> exactly the same.
>> So it seems libgcrypt is quite optimized in amd64... However there
>> seems to be some overhead in the plain RSA ciphersuites that affects
>> performance when the number of transactions increases (the first case
>> with the small file). Possibly the RSA blinding...
> Yeah, or the TCP stack becomes the bottleneck since gnutls sends more
> packets than mod_ssl.  Although this needs more investigation, my guess
> is that the TCP overhead for another packet is pretty small.  Especially
> when run on localhost.

The tests for amd64 were done using a 100mbit ethernet switch and two 
different pc's for client and server.


More information about the Gnutls-devel mailing list