ssl_ciphers for speed

Sparsh Gupta sparshgupta at gmail.com
Sun May 6 09:20:58 UTC 2012


Thanks, I dont have AES support in my processor and I tried doing some
benchmarks with the suggested cipher

I saw very negligible improvement unfortunately. Is this is the best my
processor can do? Or is there any thing else I can tweak in my machine (and
nginx) to improve SSL connections speed

Thanks
Sparsh Gupta


On 6 May 2012 00:57, ktm at rice.edu <ktm at rice.edu> wrote:

> On Sat, May 05, 2012 at 06:23:24PM +0530, Sparsh Gupta wrote:
> > Hello
> >
> > I am using nginx 2.0 built with OpenSSL 0.9.8 and I have the following
> > configuration for my ssl:
> >
> > listen 443 ssl;
> > ssl_certificate /etc/ssl/private/wildcardcert.crt;
> > ssl_certificate_key /etc/ssl/private/wildcardcert.key;
> > ssl_session_cache   shared:SSL:20m;
> > ssl_session_timeout 5m;
> > ssl_prefer_server_ciphers on;
> >
> >
> > Since I dont have ssl_ciphers I assume its picking up the default
> settings '
> > HIGH:!ADH:!MD5;'
> >
> > I found quite a few articles to make the SSL connection strong and more
> > secure but I am looking for a solution which is fastest in terms of
> > negotiating an SSL connection. Can you recommend me some ssl_cipher /
> other
> > settings I should try to boost speed. I dont transfer any secure data so
> I
> > am not concerned about security.
> >
> > Thanks
> > Sparsh Gupta
>
> Here is what we use for a use case with similar requirements:
>
> ssl_ciphers
> RC4:AES128+SHA:!kEDH:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>
> RC4 is the fastest without hardware assist. If you have hardware support in
> your processor for AES, put the AES128 first, instead of RC4.
>
> Regards,
> Ken
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120506/e098803b/attachment.html>


More information about the nginx mailing list