benchmarking mod_gnutls vs mod_ssl
simon at josefsson.org
Mon Mar 10 12:48:50 CET 2008
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Simon Josefsson wrote:
>> Results from other architectures or operating systems are very welcome.
>> Just add the output at the end of the page, under a new 'Results from X'
> I've added results from an AMD64x2 cpu.
> The performance of gnutls is dramatically better. For a small file
> (5k) and DHE-RSA ciphersuites the performance is equivalent. For the
> plain RSA ciphersuite the performance is still low (about 40% of the
> openssl performance).
> For a larger (300k) file the performance for both ciphersuites is
> exactly the same.
> So it seems libgcrypt is quite optimized in amd64... However there
> seems to be some overhead in the plain RSA ciphersuites that affects
> performance when the number of transactions increases (the first case
> with the small file). Possibly the RSA blinding...
Yeah, or the TCP stack becomes the bottleneck since gnutls sends more
packets than mod_ssl. Although this needs more investigation, my guess
is that the TCP overhead for another packet is pretty small. Especially
when run on localhost.
>> One interesting behaviour I noticed when running the tests was that with
>> mod_ssl, the exchanged TCP packets as seen in wireshark were:
>> In other words, gnutls sends each TLS packet in a separate TCP packet.
>> This may have some impact on performance, but it is too early to tell
>> for sure.
> This could also affect the first case where a small file is sent and
> many transactions occur per second.
More information about the Gnutls-devel