openssl performance
Hi Experts, OpenSSL 9.8b. We are facing some performance issues with it. I heard that doing session reuse or using some other ciphers can help improve the performance significantly. I would like to know - 1. Is using the session reuse with ssl handshake is advisable? I read somewhere that session reuse with openssl is controversial with memory usage. It might have some memory leaks. Is that true? What are other issues with ssl session reuse? Does anyone has any numbers on performance gain with session reuse? 2. Does changing cipher used improve performance? We use the default one. Is there any numbers on this too? I plan to use one of - SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA Thanks for your help! Raj
Re: openssl performance
Anybody any comments? On Tue, Apr 1, 2008 at 11:56 PM, raj H <[EMAIL PROTECTED]> wrote: > Hi Experts, > > OpenSSL 9.8b. We are facing some performance issues with it. I > heard that doing session reuse or using some other ciphers can help improve > the performance significantly. > I would like to know - > > 1. Is using the session reuse with ssl handshake is advisable? I read > somewhere that session reuse with openssl is controversial with memory > usage. It might have some memory leaks. Is that true? What are other issues > with ssl session reuse? Does anyone has any numbers on performance gain with > session reuse? > > 2. Does changing cipher used improve performance? We use the default one. > Is there any numbers on this too? I plan to use one of - > > SSL_RSA_WITH_3DES_EDE_CBC_SHA > SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA > SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_RSA_WITH_AES_128_CBC_SHA > TLS_DH_RSA_WITH_AES_128_CBC_SHA > TLS_DHE_RSA_WITH_AES_128_CBC_SHA > TLS_RSA_WITH_AES_256_CBC_SHA > TLS_DH_RSA_WITH_AES_256_CBC_SHA > TLS_DHE_RSA_WITH_AES_256_CBC_SHA > > Thanks for your help! > > Raj >
Re: openssl performance
Thanks Marek for your comments! When you say, session reuse improves the handshake performance, what factor? If normal handshake takes 1 second, how long it will take to negotiate session re-use? What about the other issues such as memory leaks and security concerns with session re-use? Does anyone has any performance numbers on encrption with cipher suites using AES / 3DES and others? David, Here are more details - I am running on HP NonStop system. It is an mainframe application. But I dont think anybody would have performance number on this so I didn't mentioned the platform. I am interested in knowing the gain factors on other platforms so that I can co-relate those numbers on nonstop platform. Currently it takes around 1 second of cpu time for handshake. Kalyan, I would surely help you with the code snippet in C. Email me! I am sorry these questions are really vague and not of challenge for the technical personals. But I believe these are the questions any solution developer or openssl user would have. Isn't the OpenSSL publishes any numbers? On Thu, Apr 3, 2008 at 2:15 AM, <[EMAIL PROTECTED]> wrote: > Hello, > > [EMAIL PROTECTED] wrote on 04/03/2008 04:18:42 AM: > > > Anybody any comments? > > > On Tue, Apr 1, 2008 at 11:56 PM, raj H <[EMAIL PROTECTED]> wrote: > > Hi Experts, > > > > OpenSSL 9.8b. We are facing some performance issues with it. I > heard that > > doing session reuse or using some other ciphers can help improve the > performance significantly. > > I would like to know - > > > > 1. Is using the session reuse with ssl handshake is advisable? I read > somewhere that > > session reuse with openssl is controversial with memory usage. It might > have some memory > > leaks. Is that true? What are other issues with ssl session reuse? Does > anyone has any > > numbers on performance gain with session reuse? > This is method improves handshake performance when your client > connects/disconnects > many times to your server in short time (like https client connections > with HTTP/1.0). > In this case handshake exchanges only 6 packets (without RSA encryption in > case where > RSA certificates are used) instead of 9/10/12 (depending of authorization > scheme). > > > 2. Does changing cipher used improve performance? We use the default > one. Is there any > > numbers on this too? I plan to use one of - > In general: use AES instead of DES3, its faster. > > Best regards, > -- > Marek Marcola <[EMAIL PROTECTED]> > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
Re: openssl performance
Thanks Jimmy! This command looks to help me for the performance! Only thing is I have to get it working. I keep on getting errors. Anyways, thanks! I will go through and get it running. Any inputs on session reuse? On Thu, Apr 3, 2008 at 12:39 PM, jimmy bahuleyan <[EMAIL PROTECTED]> wrote: > raj H wrote: > > > Thanks Marek for your comments! > > > > > > [snip] > > I am sorry these questions are really vague and not of challenge for the > > technical personals. But I believe these are the questions any solution > > developer or openssl user would have. Isn't the OpenSSL publishes any > > numbers? > > > > Have you tried the command > > $ openssl s_time > > > -jb > -- > Real computer scientists don't comment their code. The identifiers are > so long they can't afford the disk space. > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
