Rémy, On 2/14/16 5:36 PM, Rémy Maucherat wrote: > 2016-02-14 22:45 GMT+01:00 Mark Thomas <ma...@apache.org>: > >> All, >> >> In preparation for the connector selection webinar next week, I just did >> a quick test of NIO + JSSE and NIO + OpenSSL. >> >> I was working with 9.0.x trunk including my JASPIC patch >> >> NIO + JSSE ~8200 requests/second >> >> Add the native lib to $CATALINA_BASE/bin and restart. >> No other changes at all. >> >> NIO + OpenSSL ~12300 requests/second >> >> >> Simply dropping in the native library improves TLS performance by >> roughly 50%. >> >> Kudos to remm and jfclere. >> > > Thanks ! > > SSL tests are difficult however, what do you use ? Direct buffers help > OpenSSL a lot for example (socket.directBuffer and socket.directSslBuffer > to true). Also one important item is to make sure the tests all use the > same cipher, especially with ab (JSSE might not use the same cipher as > OpenSSL), something like: ab -k -Z "AES128-GCM-SHA256" forces testing of > this common AES-GCM cipher. Newer and more secure ciphers are often way > slower, no surprise there.
+1 Make sure that the same cipher suite(s) are in use for these tests. > Last, APR is still significantly faster for me, which is rather normal. Agreed. JSSE adds-in a bunch of API layers whereas the APR connector is almost straight-to-OpenSSL. I think it will always have a performance advantage. (Especially because OpenSSL itself is finally slimming-down after decades of cruft.) > It's not that critical at this performance level, probably, but it's here > to stay. It just needs a good bit of real-world testing to make sure we have all the corner-cases handled. -chris --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
