[stunnel-users] SSL Session Cache and HTTPS performance
Daniel Hamburg
daniel.hamburg at iis.rub.de
Tue Jul 19 10:12:35 CEST 2005
Hey Brian,
thanks for the fast reply.
> Find code like this in the stunnel source:
>
> SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
>
> SSL_set_session(c->ssl, ctx->session_cache_head))
>
> and comment any occurances out. Recompile. Should do the trick.
I did that. Found the first instruction in SSL.c and the second in
client.c. Commenting them out and recompilation did not help. STunnel
still uses Caching.
Correct me if I'm wrong, but afaik STunnel uses OpenSSL to handle SSL
related things. I think OpenSSL uses a pre defined Session Timer of 300
s and simply commenting out the code in STunnel does not prevent
OpenSSL from using his default value. We tried also to change the code
and comment the check, if the session timer is at least equal to 1, out,
but that still did not help.
> Benchmark different key lengths and ciphers until you find the one
> that's fastest.
> And use session caching!
Yes, we tried different parameters, but mod_ssl is about 50% faster than
STunnel and Apache. But I think, that is quite normal.
Greetings,
Daniel
More information about the stunnel-users
mailing list