Do you really need a hardware TLS accelerator? Check the stunnel performance data below.

| Category | Test case | Result |
|---|---|---|
| Data throughput | ECDHE-RSA-AES128-GCM-SHA256 | 688 MB/s (5.5 Gbit/s) |
| Data throughput | ECDHE-RSA-AES256-GCM-SHA384 | 648 MB/s (5.2 Gbit/s) |
| Data throughput | ECDHE-RSA-AES128-SHA256 | 244 MB/s (2.0 Gbit/s) |
| Data throughput | ECDHE-RSA-AES256-SHA384 | 204 MB/s (1.6 Gbit/s) |
| Data throughput | DES-CBC3-SHA | 28 MB/s (0.22 Gbit/s) |
| New connections | New session (1,2) | 750 connections/s |
| New connections | Resumed session (2) | 4 700 connections/s |
| New connections | PSK authentication (3) | 4 460 connections/s |
| Concurrent sessions | Unix poll() | limited by available memory (4) |
| Concurrent sessions | Unix select() | 500 |
| Concurrent sessions | 64-bit Windows build | limited by available memory |
| Concurrent sessions | 32-bit Windows build | 1 000 |
| Memory usage | Resident Set Size (RSS) | 5 MB + 60 KB/connection |

Performance was tested on:
- Intel® Core™ i5-3570K CPU @ 3.40GHz
- Ubuntu 14.10, kernel 3.18.11-031811-generic x86_64
- OpenSSL 1.0.2a (built from source with gcc-4.9)
- stunnel 5.16 running on a single CPU core (taskset -c 0)
(1) 2048-bit RSA certificate
(2) Negotiated encryption: ECDHE-RSA-AES256-GCM-SHA384
(3) Negotiated encryption: PSK-AES256-CBC-SHA
(4) In order to handle N concurrent connections on a Unix platform, stunnel requires nfile (ulimit -n) to be higher than 2*N, and nproc (ulimit -u) to be higher than N
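
A preflight check for note (4) and the memory figure in the table, as an added example that is not part of the original page or of stunnel itself. The function names are hypothetical, and the RSS estimate assumes 1 MB = 1024 KB.

```sh
#!/bin/sh
# Added example: check whether the process limits allow N concurrent
# stunnel connections, using the figures quoted on this page.

# Estimated RSS in KB: 5 MB + 60 KB per connection (assumes 1 MB = 1024 KB).
stunnel_rss_kb() {
    echo $(( 5 * 1024 + 60 * $1 ))
}

# limit_ok LIMIT MINIMUM: succeeds when LIMIT is strictly higher than MINIMUM.
# "unlimited" always passes; an empty or non-numeric limit fails closed.
limit_ok() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt "$2" ]
}

# stunnel_capacity_check N NOFILE NPROC
# Prints one line per finding; returns 0 only if both limits are sufficient.
stunnel_capacity_check() {
    n=$1 nofile=$2 nproc=$3 rc=0
    # Note (4): nfile (ulimit -n) must be higher than 2*N.
    if ! limit_ok "$nofile" $(( 2 * n )); then
        echo "nofile=$nofile too low: need more than $(( 2 * n ))"
        rc=1
    fi
    # Note (4): nproc (ulimit -u) must be higher than N.
    if ! limit_ok "$nproc" "$n"; then
        echo "nproc=$nproc too low: need more than $n"
        rc=1
    fi
    echo "estimated RSS: $(stunnel_rss_kb "$n") KB"
    return $rc
}

# Check the limits of the current shell; run it as the account stunnel uses.
# Usage: stunnel_capacity_check_current 10000
stunnel_capacity_check_current() {
    stunnel_capacity_check "$1" "$(ulimit -n)" "$(ulimit -u 2>/dev/null)"
}
```

Limits are per process and inherited from whatever starts stunnel, so values set by a service manager can differ from those of an interactive shell.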