TLS/SSL is much slower than plain communication. The reason is simple - the IO buffer size.
The default TCP output buffer for a socket on windows differs from version to version. w2k3 - 8kB w2K8R2 - 64kB (with some dynamics) w2k12R2 - not sure, but at least 64kB with default dynamics SSL - 16kB encrypted data maximum on all OS If you have a look in to your debug logs, you'll see that google sends only 1440 byte per SSL frame, which is one decrypted ethernet frame at the default MTU 1500. If you would do a debug on a plain connection, you would see 64kB or even more. So it will take at least ~40 times the time of a plain frame to receive a SSL junk of 64kB from google. For my nice old w2k3 the difference is much less. If for example hotmail uses 16kB SSL frames (~ 11 ethernet frames per SSL frame) - it would be 11 times faster than google. This is caused by the nature of assp. It receives one frame (all available data for TLS/SSL connections) for each active connection (in a worker) after each other - means one at each cycle of processing. Enough basic IT stuff - I don't want to bore others. Thomas Von: K Post <nntp.p...@gmail.com> An: ASSP development mailing list <assp-test@lists.sourceforge.net> Datum: 27.09.2016 14:15 Betreff: Re: [Assp-test] Inbound TLS from gmail.com addresses / servers My abbreviated notes: 1) What a terrific explanation!! Thank you Thomas not just for the write up, but for taking all the time necessary to figure all this out 2) IO::Socket::SSL and Net::SSLeay Both of mine are the latest versions (newer than the recommended / minimum that shows in the info gui) 3) A different / additional problem with TLS? Can we tell what algorithm Google uses? So we wasted allot of time looking for a TLS/SSL issue - life is not easy. ******************************* Back to the 'TLS' relation. Forget it - this issue has totaly nothing to do with TLS/SSL! ******************************* What you describe elsewhere makes sense, BUT looking at my tests, an email with 11 MB of attachments takes 19 seconds with TLS turned off, and with TLS on 662 seconds. That's 34 times longer. I know SSL takes processing power, but that's a huge overhead no? *Can we tell from the logs / debug / or some other test what TLS algorithm google is using*? Since I only see this horrific slowdown with Google and TLS, I wonder if I might only allow a (slightly?) lesser algorithm that's still secure but not quite as intensive. Note that identical hardware runs Apache on Windows with OpenSSL, Exchange (SSL), and others without any noticeable slowdown due to the encryption. You've clearly identified a major different problem with grow, etc, but I'm not so sure that I'm not also experiencing a SSL/TLS problem. Eagerly awaiting the next version! Thanks. ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
------------------------------------------------------------------------------
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test