<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi PPingPongBaker,<br>
<br>
Could you repeat your tests with:<br>
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:!DH:-MEDIUM:RC4:+HIGH<br>
and<br>
ciphers =
ALL:!SSLv2:!aNULL:!EXP:!LOW:!DH:!ECDH:-MEDIUM:RC4:+HIGH<br>
?<br>
<br>
It might be interesting to see the performance with DH (and
possibly also ECDH) ciphersuites completely disabled.<br>
<br>
TIA,<br>
Mike<br>
<br>
On 2013-04-18 21:02, PPingPongBaker PPingPongBaker wrote:<br>
</div>
<blockquote
cite="mid:CAPAwG7MTx=SvvvZBc7fOd5JZ8CA1rf+SFmkf=A3=uBcNZJ8TBA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div><br>
It appears including static DH params in the certificate
brings the performance back up in 4.40 and onward.<br>
<br>
</div>
Would like to mark this RESOLVED.<br>
<br>
</div>
Regards.<br>
</div>
<div class="gmail_extra">
<br>
<br>
<div class="gmail_quote">On Wed, Apr 17, 2013 at 11:29 PM,
PPingPongBaker PPingPongBaker <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:ppingpongbaker@gmail.com" target="_blank">ppingpongbaker@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Another data point after a binary search
across versions keeping OpenSSL version identical at
1.0.1e
<div>
<br>
</div>
<div>I see this performance regression between stunnel
versions 4.39 and 4.40.</div>
<div class="gmail_extra">
<br>
</div>
<div class="gmail_extra">Regards.</div>
<div>
<div class="h5">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Apr 17, 2013 at
4:46 PM, PPingPongBaker PPingPongBaker <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:ppingpongbaker@gmail.com"
target="_blank">ppingpongbaker@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Apr 17,
2013 at 12:23 PM, Janusz Dziemidowicz <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:rraptorr@nails.eu.org"
target="_blank">rraptorr@nails.eu.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">2013/4/17
PPingPongBaker PPingPongBaker <<a
moz-do-not-send="true"
href="mailto:ppingpongbaker@gmail.com"
target="_blank">ppingpongbaker@gmail.com</a>>:
<div>
<br>
<br>
If you want to compare various stunnel
versions, then use the same<br>
OpenSSL version. If you want to
compare OpenSSL... then use the same<br>
stunnel version. The configuration you
mentioned above doesn't make a<br>
lot of sense as it makes it hard to
tell where the performance drop<br>
comes from. If you really must test
such configuration, the best way<br>
would be to ensure the same TLS
version (1.0, not 1.1 or 1.2, OpenSSL<br>
1.0.1 defaults to 1.2) and the same
cipher.<br>
<br>
</div>
</blockquote>
<div><br>
Hi Janusz,<br>
<br>
</div>
<div>As per your suggestions and mea culpa
in some stated results. Here is a
hopefully complete/better matrix. Making
sure that CPU is pegged at 100% and in
stunnel.conf (sslVersion = TLSv1)<br>
<br>
</div>
<div>stunnel 4.29, OpenSSL 0.9.8o - ~300
requests per sec<br>
</div>
<div>stunnel 4.29, OpenSSL 1.0.1e - ~360
requests per sec<br>
stunnel 4.56, OpenSSL 0.9.8o - ~100
requests per sec<br>
</div>
<div>stunnel 4.56, OpenSSL 1.0.1e - ~120
requests per sec<br>
</div>
<div><br>
</div>
<div>Regards.<br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
stunnel-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>
<a class="moz-txt-link-freetext" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
</blockquote>
<br>
</body>
</html>