ssl benchmarks with and without nginx
mdounin at mdounin.ru
Mon Sep 19 22:20:14 UTC 2011
On Mon, Sep 19, 2011 at 09:56:19PM +0200, Aleksandar Lazic wrote:
> Dear Reader,
> today on the haproxy list was this link posted
> I have asked why they not have tried to use nginx the answer was another
> Maybe someone can verify if there is really a problem in nginx or this
> difference is due to the fact that nginx is a REAL Webserver and the
> other both 'only' SSL-Terminator.
The main problem I see is nginx configuration. By default nginx
is configured to handle real-word load, not for ssl session
microbenchmarks. And the config used in particular test makes
things even worse due to "multi_accept on" used. For
microbenchmarking ssl one want to use
to ensure better distribution of connections between worker
processes, this should resolve observed latency issues.
p.s. Stunnel in the same test was obviously benchmarked with
non-threaded OpenSSL, and that's why it doesn't scale to multiple
CPUs. With properly compiled OpenSSL it will scale fine.
More information about the nginx