And stud is still young and does not have all the features stunnel owns ;) cheers
On Tue, Dec 13, 2011 at 11:43 PM, John Lauro <john.la...@covenanteyes.com> wrote: > Interesting. > > Found this with google comparing the two (only a few months old): > http://vincent.bernat.im/en/blog/2011-ssl-benchmark.html > > In summary, performance appears to be close as long as you only have 1 core, > but stud scales better with multiple cores. However, as noted in the > replies, newer version of stunnel probably perform better. > > > > >> -----Original Message----- >> From: "Brane F. Gračnar" [mailto:brane.grac...@tsmedia.si] >> Sent: Tuesday, December 13, 2011 5:21 PM >> To: David Prothero >> Cc: John Lauro; haproxy@formilux.org >> Subject: Re: SSL best option for new deployments >> >> On 12/13/2011 10:43 PM, David Prothero wrote: >> > I've been using stunnel with the X-Forwarded-For patch. Is stud >> preferable to stunnel for some reason? >> >> Stunnel usually uses thread-per-connection architecture - as you >> probably know this programming model has serious scaling issues. Stud is >> single-threaded and runs as single-master/multiple-workers process, >> meaning that it can efficiently utilize power of multi-core cpus without >> context-switching overheaded resulting from hundreds (possibly >> thousands) of threads competing for cpu time slice. >> >> Stud is implemented on top of libev, one of the most efficient event >> loops available. >> >> It also uses much less memory than stunnel (openssl >= 1.x.x). >> >> Best regards, Brane >