benchmarking mod_gnutls vs mod_ssl
Simon Josefsson
simon at josefsson.org
Wed Mar 12 11:33:59 CET 2008
Simon Josefsson <simon at josefsson.org> writes:
> I've added 3DES comparisons to:
>
> http://trac.gnutls.org/cgi-bin/trac.cgi/wiki/BenchmarkingModGnuTLSResults
>
> 3DES mod_ssl small file: 310.78 trans/sec
> 3DES mod_gnutls small file: 154.77 trans/sec
>
> 3DES mod_ssl large file: 7.25 trans/sec
> 3DES mod_gnutls large file: 5.75 trans/sec
>
> Rather consistent with earlier ia32 results. It is clear that 3DES is
> quite slow on large data sizes. AES-128 results:
>
> AES mod_ssl large file: 28.11 trans/sec
> AES mod_gnutls large file: 15.25 trans/sec
>
> For some reason I didn't get the DHE-DSS tests to work. Perhaps I need
> a DSA certificate.
Indeed, and I've updated the wiki pages with DSS testing information.
The results are consistent with gnutls having 50%-75% of openssl's
performance on ia32. For TLS_DHE_DSS_WITH_RSA_128_CBC_SHA (0x0032):
mod_ssl small file: 47.76 trans/sec
mod_gnutls small file: 34.13 trans/sec
mod_ssl large file: 18.87 trans/sec
mod_gnutls large file: 11.60 trans/sec
However I just realized something important: OpenSSL in Debian have
CPU-specific optimizations. Strace'ing apache indicates that it opens
libssl from /usr/lib/i686/ instead of /usr/lib/. Libgcrypt is compiled
for i486 if I understand correctly. That's not a fair comparison, so I
expect gnutls performance to be higher.
/Simon
More information about the Gnutls-devel
mailing list