Thanks I have big improvement. Do you have idea also how to short the authentication delay?
Thanks Avner -----Original Message----- From: Christian Grothoff <[email protected]> Reply-to: libmicrohttpd development and user mailinglist <[email protected]> To: libmicrohttpd development and user mailinglist <[email protected]> Subject: Re: [libmicrohttpd] HTTPS delay Date: Sun, 30 Oct 2011 18:53:11 +0100 On 10/30/2011 06:12 PM, Avner Flesch wrote: > Thanks for the fast reply. > I am using Linux on powerpc 875 (50 MHz). Then 6s could totally be encryption. This article might be a good start for cipher choices: http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ Also make sure that you compiled libgcrypt with optimizations (-O3). Best regards, Christian > -----Original Message----- > From: Christian Grothoff<[email protected]> > Reply-to: libmicrohttpd development and user mailinglist > <[email protected]> > To: [email protected] > Subject: Re: [libmicrohttpd] HTTPS delay > Date: Sun, 30 Oct 2011 17:56:01 +0100 > > > On 10/30/2011 05:16 PM, Avner Flesch wrote: >> Hi, >> >> I am developing simple secured HTTP (HTTPS) server for embedded system. >> It seems that the delay is rather long - for example ~230 KB file delay >> is almost 6 seconds. >> Is there a way to speed it up? > > On an embedded system, I suspect the main contributor to latency is CPU > time for the cryptographic operations (you didn't say what kind of > embedded system, so it's hard for me to say if 6s is good or bad). > > You could configure MHD to use different (faster) ciphers, which may > give you significant performance improvements (if CPU speed is the > problem). Google's choices for HTTPS might be a good starting point. > > Changing the default cipher suite in MHD is done using > MHD_OPTION_HTTPS_PRIORITIES followed by a string specifying the ciphers > (see 'gnutls_priority_init' documentation for the format of that string). > > Other than that, there is little you can do: HTTPS is slow, and I'm > generally pretty sure that MHD and GNUtls are about as fast as they can > be (so switching to a different HTTP(S) server would also most likely > not help you --- unless that server uses a different cipher suite by > default, and in that case you could just use the option I gave above). > > Happy hacking! > > Christian > > > >
