[stunnel-users] Inconsistent performance across stunnel and/or OpenSSL versions
Michal Trojnara
Michal.Trojnara at mirt.net
Fri Apr 19 17:10:31 CEST 2013
Hi PPingPongBaker,
Could you repeat your tests with:
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:!DH:-MEDIUM:RC4:+HIGH
and
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:!DH:!ECDH:-MEDIUM:RC4:+HIGH
?
It might be interesting to see the performance with DH (and possibly
also ECDH) ciphersuites completely disabled.
TIA,
Mike
On 2013-04-18 21:02, PPingPongBaker PPingPongBaker wrote:
>
> It appears including static DH params in the certificate brings the
> performance back up in 4.40 and onward.
>
> Would like to mark this RESOLVED.
>
> Regards.
>
>
> On Wed, Apr 17, 2013 at 11:29 PM, PPingPongBaker PPingPongBaker
> <ppingpongbaker at gmail.com <mailto:ppingpongbaker at gmail.com>> wrote:
>
> Another data point after a binary search across versions keeping
> OpenSSL version identical at 1.0.1e
>
> I see this performance regression between stunnel versions 4.39
> and 4.40.
>
> Regards.
>
>
> On Wed, Apr 17, 2013 at 4:46 PM, PPingPongBaker PPingPongBaker
> <ppingpongbaker at gmail.com <mailto:ppingpongbaker at gmail.com>> wrote:
>
>
> On Wed, Apr 17, 2013 at 12:23 PM, Janusz Dziemidowicz
> <rraptorr at nails.eu.org <mailto:rraptorr at nails.eu.org>> wrote:
>
> 2013/4/17 PPingPongBaker PPingPongBaker
> <ppingpongbaker at gmail.com <mailto:ppingpongbaker at gmail.com>>:
>
>
> If you want to compare various stunnel versions, then use
> the same
> OpenSSL version. If you want to compare OpenSSL... then
> use the same
> stunnel version. The configuration you mentioned above
> doesn't make a
> lot of sense as it makes it hard to tell where the
> performance drop
> comes from. If you really must test such configuration,
> the best way
> would be to ensure the same TLS version (1.0, not 1.1 or
> 1.2, OpenSSL
> 1.0.1 defaults to 1.2) and the same cipher.
>
>
> Hi Janusz,
>
> As per your suggestions and mea culpa in some stated results.
> Here is a hopefully complete/better matrix. Making sure that
> CPU is pegged at 100% and in stunnel.conf (sslVersion = TLSv1)
>
> stunnel 4.29, OpenSSL 0.9.8o - ~300 requests per sec
> stunnel 4.29, OpenSSL 1.0.1e - ~360 requests per sec
> stunnel 4.56, OpenSSL 0.9.8o - ~100 requests per sec
> stunnel 4.56, OpenSSL 1.0.1e - ~120 requests per sec
>
> Regards.
>
>
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130419/c46137ee/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130419/c46137ee/attachment.sig>
More information about the stunnel-users
mailing list