benchmarking mod_gnutls vs mod_ssl

Nikos Mavrogiannopoulos nmav at
Sat Mar 8 12:41:53 CET 2008

Simon Josefsson wrote:
> All,
> Results from other architectures or operating systems are very welcome.
> Just add the output at the end of the page, under a new 'Results from X'
> heading.
  I've added results from an AMD64x2 cpu. The performance of gnutls is 
dramatically better. For a small file (5k) and DHE-RSA ciphersuites the 
performance is equivalent. For the plain RSA ciphersuite the performance 
is still low (about 40% of the openssl performance).

For a larger (300k) file the performance for both ciphersuites is 
exactly the same.

So it seems libgcrypt is quite optimized in amd64... However there seems 
to be some overhead in the plain RSA ciphersuites that affects 
performance when the number of transactions increases (the first case 
with the small file). Possibly the RSA blinding...

> One interesting behaviour I noticed when running the tests was that with
> mod_ssl, the exchanged TCP packets as seen in wireshark were:
> In other words, gnutls sends each TLS packet in a separate TCP packet.
> This may have some impact on performance, but it is too early to tell
> for sure.

This could also affect the first case where a small file is sent and 
many transactions occur per second.


More information about the Gnutls-devel mailing list