benchmarking mod_gnutls vs mod_ssl

Simon Josefsson simon at
Mon Mar 10 12:58:31 CET 2008

Nikos Mavrogiannopoulos <nmav at> writes:

> Simon Josefsson wrote:
>>> The performance of gnutls is dramatically better. For a small file
>>> (5k) and DHE-RSA ciphersuites the performance is equivalent. For the
>>> plain RSA ciphersuite the performance is still low (about 40% of the
>>> openssl performance).
>>> For a larger (300k) file the performance for both ciphersuites is
>>> exactly the same.
>>> So it seems libgcrypt is quite optimized in amd64... However there
>>> seems to be some overhead in the plain RSA ciphersuites that affects
>>> performance when the number of transactions increases (the first case
>>> with the small file). Possibly the RSA blinding...
>> Yeah, or the TCP stack becomes the bottleneck since gnutls sends more
>> packets than mod_ssl.  Although this needs more investigation, my guess
>> is that the TCP overhead for another packet is pretty small.  Especially
>> when run on localhost.
> The tests for amd64 were done using a 100mbit ethernet switch and two
> different pc's for client and server.

Ah, ok.  I've updated the wiki page to reflect this.  I ran the client
and server on the same machine.


More information about the Gnutls-devel mailing list