So three months ago I made a simple performance test with amqsblst. I connected two local qmgrs on Win2K and I sent messages in difference size (10000*1 KB, 10*1 MB) w/ and wo/ SSL.
My observations was next: - significant slowing on small messages (>50%) - minimal difference in performance on large messages (<10%) I was thinking about the reasons: - firstly, SSL handshake is an overhead, similarly other protocols (like MCA handshake, TCP, and so on) - slowing caused by the special environment (2 local queue manager). In this case same box had been loaded with crypto tasks. Tibor ---- > KK, > Not sure if you're looking for W2K performance numbers or not since you > didn't start the thread with W2K in the subject line. > I know that there are currently z/OS figures published in the Performance > Support Pac MP16 on the cost of starting SSL channels and also the cost of > transmitting data as a cost per K of data. These might be of interest to > you. I'll see if I can find out about other platforms and will post another > message later if I find anything published that you can go and look at. > Cheers > Morag > Morag Hughson > WebSphere MQ for z/OS Development > Internet: [EMAIL PROTECTED] > "K K" > <hkmqseries@hotma To: Morag Hughson/UK/IBM@IBMGB > il.com> cc: "MQSeries List" ><[EMAIL PROTECTED]> > Subject: Re: Re: MQ v5.3 and >SSL W2K > 09/01/2003 15:01 > I would like to know where there is an performance evaluation on the > overhead of using SSL on MQV5.3. Besides, any experience on the usage of > SSL on MQ (e.g. stability, overhead, concerns etc) in particular on the > comparison with other MQ encryption tool such as MQSecure or 'Data Secure'. > KK > ----- Original Message ----- > From: "Morag Hughson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, January 09, 2003 6:33 PM > Subject: Re: MQ v5.3 and SSL W2K >> To echo a few responses already, yes, you can certainly have SSL and >> non-SSL channel coexisting on the same queue manager since the attributes >> to use SSL are specified on a per channel basis. >> >> However, you cannot configure SSL as optional on a particular channel and >> have some SSL and some non-SSL connection coming into the *SAME* channel. >> You will need a separate channel each for SSL and non-SSL. I think the >> confusion here might be with the SSLCAUTH parameter where you can specify >> REQUIRED or OPTIONAL to indicate whether you require client > authentication >> AS WELL AS server authentication. >> >> Hope this clarifies the point. >> Cheers >> Morag >> >> Morag Hughson >> WebSphere MQ for z/OS Development >> Internet: [EMAIL PROTECTED] >> >> >> >> >> Luc-Michel Demey >> <[EMAIL PROTECTED]> To: > [EMAIL PROTECTED] >> Sent by: MQSeries cc: >> List Subject: Re: MQ v5.3 and > SSL W2K >> <MQSERIES@AKH-WIE >> N.AC.AT> >> >> >> 08/01/2003 21:32 >> Please respond to >> lmd_listmq >> >> >> >> >> >> in one word, yes. >> >> SSL is defined at channel level, not at qmgr level >> >> You can even configure SSL as "optionnal" for a channel, so SSL and >> no-SSL partners will be able to connect. >> >> Useful in a migrating phase probably. >> >> HTH, Luc-Michel. >> >> >> Date sent: Wed, 8 Jan 2003 13:10:41 -0800 >> Send reply to: MQSeries List <[EMAIL PROTECTED]> >> From: Nick Dilauro <[EMAIL PROTECTED]> >> Subject: MQ v5.3 and SSL W2K >> To: [EMAIL PROTECTED] >> >> > I have been reviewing the requirements for using SSL with client to >> server >> > connections. From my reading I understand the qmgr must be configured > to >> > point to the repository file containing digital certificates. Then a >> server >> > connection channel must be defined with the SSL settings. My question > is >> > whether it is also possible to have non-SSL server connection channels >> > defined for an SSL configured qmgr. In other words, could there be > both >> > secure server conn and non-secure server conn channels supported by the >> same >> > qmgr? >> > >> > TIA >> > Nick >> > >> > Nicholas C. DiLauro >> > MQSeries Administrator >> > Technical Services >> > IBM Certified Specialist - MQSeries >> > IBM Certified Developer - MQSeries >> > >> > QRS Corporation >> > 1400 Marina Way South, MS 231 >> > Richmond, California 94804 >> > >> > 510 231 6544 Voice >> > 510 621 6544 Fax >> > [EMAIL PROTECTED] >> > >> > Instructions for managing your mailing list subscription are provided > in >> > the Listserv General Users Guide available at http://www.lsoft.com >> > Archive: http://vm.akh-wien.ac.at/MQSeries.archive >> > >> >> Regards, >> Luc-Michel Demey, [EMAIL PROTECTED] >> >> Instructions for managing your mailing list subscription are provided in >> the Listserv General Users Guide available at http://www.lsoft.com >> Archive: http://vm.akh-wien.ac.at/MQSeries.archive >> >> Instructions for managing your mailing list subscription are provided in >> the Listserv General Users Guide available at http://www.lsoft.com >> Archive: http://vm.akh-wien.ac.at/MQSeries.archive >> > Instructions for managing your mailing list subscription are provided in > the Listserv General Users Guide available at http://www.lsoft.com > Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
