[stunnel-users] SSL Session Cache and HTTPS performance

Brian Hatch bri at stunnel.org
Tue Jul 19 06:26:32 CEST 2005



> I would like to test the performance difference between enabled and 
> disabled SSLCaching. I use a configuration file for Stunnel 4.11 (daemon 
> mode) where I tell it to accept incoming connections on port 444 and 
> direct them to a local web-server on port 80.

	

Find code like this in the stunnel source:

	    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);

            SSL_set_session(c->ssl, ctx->session_cache_head))

and comment any occurances out.  Recompile.  Should do the trick.

> Another question is if anyone of you has made any performance tests 
> regarding STunnel in combination with an Apache HTTP server on the same 
> machine. I'm specially interested in modes to get this combination run 
> faster. And now please do not tell me to use mod_ssl. :)

Benchmark different key lengths and ciphers until you find the one
that's fastest.

And use session caching!



-- 
Brian Hatch                  Whatever hits the
   Systems and                fan will not be
   Security Engineer          evenly distributed.
http://www.ifokr.org/bri/

Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050718/989cefff/attachment.sig>


More information about the stunnel-users mailing list