SSL Performance on real hardware versus virtual

Igor Sysoev is at rambler-co.ru
Sun Apr 1 00:59:57 MSD 2007 

On Sun, Apr 01, 2007 at 12:56:40AM +0400, Igor Sysoev wrote:

> On Fri, Mar 16, 2007 at 10:04:37AM -0500, Casey Rayman wrote:
> 
> > I am sorry this took so long.  I have been traveling the last several  
> > weeks.  I have attached my test configuration  file and a debug log.   
> > Please let me know if different logs or configs would be helpful.
> 
> Am I right that the delay is just before /index.html ?
> 
> I see that browser tries to do handshake three times:
> 
> 2007/03/16 09:49:07 [debug] 7455#0: *1 http check ssl handshake
> 2007/03/16 09:49:07 [debug] 7455#0: *1 https ssl handshake: 0x80
> 2007/03/16 09:49:07 [info] 7455#0: *1 peer closed connection in SSL handshake
> while reading client request line, client: 10.10.200.117, server: localhost
> 2007/03/16 09:49:07 [debug] 7455#0: *1 http close request
> 2007/03/16 09:49:07 [debug] 7455#0: *1 http log handler
> 2007/03/16 09:49:07 [debug] 7455#0: *1 close http connection: 7
> 2007/03/16 09:49:30 [debug] 7455#0: *2 http check ssl handshake
> 2007/03/16 09:49:30 [debug] 7455#0: *2 https ssl handshake: 0x80
> 2007/03/16 09:49:30 [info] 7455#0: *2 peer closed connection in SSL handshake
> while reading client request line, client: 10.10.200.117, server: localhost
> 2007/03/16 09:49:30 [debug] 7455#0: *2 http close request
> 2007/03/16 09:49:30 [debug] 7455#0: *2 http log handler
> 2007/03/16 09:49:30 [debug] 7455#0: *2 close http connection: 7
> 2007/03/16 09:49:48 [debug] 7455#0: *3 http check ssl handshake
> 2007/03/16 09:49:48 [debug] 7455#0: *3 https ssl handshake: 0x80
> 2007/03/16 09:49:48 [debug] 7455#0: *3 http process request line
> 2007/03/16 09:49:48 [debug] 7455#0: *3 http process request line
> 2007/03/16 09:49:48 [debug] 7455#0: *3 http request line: "GET /index.html
> HTTP/1.1"
> 
> Are OpenSSL libraries on both computers the same ?
> 
> Try

Sorry

> -       ssl_protocols  SSLv3;
> +       ssl_protocols  SSLv3;

+       ssl_protocols  SSLv3 TLSv1;

>         ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
> -       ssl_prefer_server_ciphers   on;
> +       ssl_prefer_server_ciphers   on;

+       ssl_prefer_server_ciphers   off;


-- 
Igor Sysoev
http://sysoev.ru/en/

More information about the nginx mailing list