On 14/02/2016 22:36, Rémy Maucherat wrote: > 2016-02-14 22:45 GMT+01:00 Mark Thomas <ma...@apache.org>: > >> All, >> >> In preparation for the connector selection webinar next week, I just did >> a quick test of NIO + JSSE and NIO + OpenSSL. >> >> I was working with 9.0.x trunk including my JASPIC patch >> >> NIO + JSSE ~8200 requests/second >> >> Add the native lib to $CATALINA_BASE/bin and restart. >> No other changes at all. >> >> NIO + OpenSSL ~12300 requests/second >> >> >> Simply dropping in the native library improves TLS performance by >> roughly 50%. >> >> Kudos to remm and jfclere. >> > > Thanks ! > > SSL tests are difficult however, what do you use ?
The same test as I was using for JASPIC. > Direct buffers help > OpenSSL a lot for example (socket.directBuffer and socket.directSslBuffer > to true). Also one important item is to make sure the tests all use the > same cipher, especially with ab (JSSE might not use the same cipher as > OpenSSL), something like: ab -k -Z "AES128-GCM-SHA256" forces testing of > this common AES-GCM cipher. Newer and more secure ciphers are often way > slower, no surprise there. Good point. I'll double check that. What I was really after was a some numbers to back up a (probably over simplified) "drop in the native library and turo-charge your TLS performance" claim. > Last, APR is still significantly faster for me, which is rather normal. > It's not that critical at this performance level, probably, but it's here > to stay. An in depth comparison between the three options would be useful at some point. Have you done much performance tuning of NIO + OpenSSL? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
