ssl benchmarks with and without nginx

Maxim Dounin mdounin at mdounin.ru
Mon Sep 19 22:20:14 UTC 2011


Hello!

On Mon, Sep 19, 2011 at 09:56:19PM +0200, Aleksandar Lazic wrote:

> Dear Reader,
> 
> today on the haproxy list was this link posted
> 
> http://blog.exceliance.fr/2011/09/16/benchmarking_ssl_performance/
> 
> I have asked why they not have tried to use nginx the answer was another
> link
> 
> http://vincent.bernat.im/en/blog/2011-ssl-benchmark.html
> 
> Maybe someone can verify if there is really a problem in nginx or this
> difference is due to the fact that nginx is a REAL Webserver and the
> other both 'only' SSL-Terminator.

The main problem I see is nginx configuration.  By default nginx 
is configured to handle real-word load, not for ssl session 
microbenchmarks.  And the config used in particular test makes 
things even worse due to "multi_accept on" used.  For 
microbenchmarking ssl one want to use

    events {
        accept_mutext off;
        multi_accept off;
        ...
    }

to ensure better distribution of connections between worker 
processes, this should resolve observed latency issues.

Maxim Dounin

p.s. Stunnel in the same test was obviously benchmarked with 
non-threaded OpenSSL, and that's why it doesn't scale to multiple 
CPUs.  With properly compiled OpenSSL it will scale fine.



More information about the nginx mailing list