ssl benchmarks with and without nginx

Vincent Bernat bernat at luffy.cx
Tue Oct 11 21:58:22 UTC 2011


OoO  En cette  nuit nuageuse  du mardi  20 septembre  2011,  vers 00:20,
mdounin at mdounin.ru (Maxim Dounin) disait :

>> Maybe someone can verify if there is really a problem in nginx or this
>> difference is due to the fact that nginx is a REAL Webserver and the
>> other both 'only' SSL-Terminator.

> The main problem I see is nginx configuration.  By default nginx 
> is configured to handle real-word load, not for ssl session 
> microbenchmarks.  And the config used in particular test makes 
> things even worse due to "multi_accept on" used.  For 
> microbenchmarking ssl one want to use

>     events {
>         accept_mutext off;
>         multi_accept off;
>         ...
>     }

> to ensure better distribution of connections between worker 
> processes, this should resolve observed latency issues.

Meantime, I have done and published another round of tests where I still
had the  same issues for  nginx. Aleksandar pointed  me to your  post. I
have modified my  nginx configuration as you say  and the latency issues
are now gone. I have updated my latest post with this correction and new
data.   nginx now performs  like stud  (and even  better since  stud has
another kind of latency issue).

 http://vincent.bernat.im/en/blog/2011-ssl-benchmark-round2.html

> p.s. Stunnel in the same test was obviously benchmarked with 
> non-threaded OpenSSL, and that's why it doesn't scale to multiple 
> CPUs.  With properly compiled OpenSSL it will scale fine.

The  problem  with stunnel  was  a bug  in  OpenSSL  (for which  stunnel
implements a slow workaround). Upgrading  to a recent version of OpenSSL
allows stunnel to perform well.
-- 
Vincent Bernat ☯ http://vincent.bernat.im

panic("Attempted to kill the idle task!");
	2.2.16 /usr/src/linux/kernel/exit.c



More information about the nginx mailing list