handshaking takes too long (although, session resuming *seems* to work)

Simon Josefsson simon at josefsson.org
Tue Mar 16 16:08:53 CET 2010


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On Tue, Mar 16, 2010 at 3:19 PM, Christian Parpart <trapni at gentoo.org> wrote:
>
>> What I now see, is, that on first (client web browser) connect, a record
>> gets stored in my cache, and on the second call, I successively return this
>> data back to gnutls, however, the session resuming still takes as much
>> time as on the first request.
>
> Does your client support session resumption? It has to be supported by both to
> be effective. If you use gnutls-cli add the --resume option.
>
>> I've tested it on my netbook (quite thin hardware, though), and there it
>> takes about 2.5 seconds. still too long even without session resuming?
>> Compared to Apache, even the first request responded quite instant.
>
> Different algorithms in gnutls have different speeds. The defaults are sorted
> on a security margin and speed was not a concern. Check the priority functions
> documentation for more information.

A 2.5 second delay strongly suggests something outside GnuTLS is causing
the delays though.  I'm using mod_gnutls under Apache on a few
production systems and it is comparable in speed to mod_ssl.

/Simon




