benchmarking mod_gnutls vs mod_ssl
Simon Josefsson
simon at josefsson.org
Mon Mar 10 12:58:31 CET 2008
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Simon Josefsson wrote:
>
>>> The performance of gnutls is dramatically better. For a small file
>>> (5k) and DHE-RSA ciphersuites the performance is equivalent. For the
>>> plain RSA ciphersuite the performance is still low (about 40% of the
>>> openssl performance).
>>>
>>> For a larger (300k) file the performance for both ciphersuites is
>>> exactly the same.
>>>
>>> So it seems libgcrypt is quite optimized in amd64... However there
>>> seems to be some overhead in the plain RSA ciphersuites that affects
>>> performance when the number of transactions increases (the first case
>>> with the small file). Possibly the RSA blinding...
>>
>> Yeah, or the TCP stack becomes the bottleneck since gnutls sends more
>> packets than mod_ssl. Although this needs more investigation, my guess
>> is that the TCP overhead for another packet is pretty small. Especially
>> when run on localhost.
>
> The tests for amd64 were done using a 100mbit ethernet switch and two
> different pc's for client and server.
Ah, ok. I've updated the wiki page to reflect this. I ran the client
and server on the same machine.
/Simon
More information about the Gnutls-devel
mailing list