benchmarking mod_gnutls vs mod_ssl

Simon Josefsson simon at
Wed Mar 12 11:33:59 CET 2008

Simon Josefsson <simon at> writes:

> I've added 3DES comparisons to:
> 3DES    mod_ssl small file: 310.78 trans/sec
> 3DES mod_gnutls small file: 154.77 trans/sec
> 3DES    mod_ssl large file: 7.25 trans/sec
> 3DES mod_gnutls large file: 5.75 trans/sec
> Rather consistent with earlier ia32 results.  It is clear that 3DES is
> quite slow on large data sizes.  AES-128 results:
> AES    mod_ssl large file: 28.11 trans/sec
> AES mod_gnutls large file: 15.25 trans/sec
> For some reason I didn't get the DHE-DSS tests to work.  Perhaps I need
> a DSA certificate.

Indeed, and I've updated the wiki pages with DSS testing information.
The results are consistent with gnutls having 50%-75% of openssl's
performance on ia32.  For TLS_DHE_DSS_WITH_RSA_128_CBC_SHA (0x0032):

   mod_ssl small file: 47.76 trans/sec
mod_gnutls small file: 34.13 trans/sec

   mod_ssl large file: 18.87 trans/sec
mod_gnutls large file: 11.60 trans/sec

However I just realized something important: OpenSSL in Debian have
CPU-specific optimizations.  Strace'ing apache indicates that it opens
libssl from /usr/lib/i686/ instead of /usr/lib/.  Libgcrypt is compiled
for i486 if I understand correctly.  That's not a fair comparison, so I
expect gnutls performance to be higher.


More information about the Gnutls-devel mailing list