httpd-users mailing list archives

From Ishita Kapadiya <ishim...@gmail.com>
Subject Re: [users@httpd] Apache is too slow with SSL
Date Thu, 07 Apr 2011 03:09:14 GMT
Hi Jeff,

Both ab and JMeter are using keep-alive. I am using the SSL session cache
in the config as:
SSLSessionCache        "shmcb:/path to logs/ssl_scache(512000)"

> Even if so, it is worth using mod_ssl tracing to confirm that the
> combination of client/server behavior results in a reasonably high
> session cache utilization.

Please let me know how I can trace mod_ssl to confirm session cache utilization.

On Wed, Apr 6, 2011 at 10:32 AM, Jeff Trawick <trawick@gmail.com> wrote:
> On Thu, Mar 31, 2011 at 7:56 AM, Mark Montague <mark@catseye.org> wrote:
>>  On March 30, 2011 19:44 , Ishita Kapadiya <ishimegh@gmail.com>  wrote:
>>>
>>> Hi Mark,
>>>
>>> Thanks for your suggestion. I tried the settings below in httpd.conf:
>>>
>>> <IfModule ssl_module>
>>> #SSLRandomSeed startup builtin
>>> #SSLRandomSeed connect builtin
>>> SSLRandomSeed startup file:/dev/urandom 1024
>>> SSLRandomSeed connect file:/dev/urandom 1024
>>> </IfModule>
>>>
>>> The commented line was there when I initially posted my query, and now
>>> I have changed it to the mentioned lines. But I still got the same result.
>>> I even tried the /dev/random option, but that option didn't work at
>>> all (maybe it is not supported with my OS config).
>>> Could you or anyone please help me to resolve this problem? I want to
>>> resolve it. I tried to google it but couldn't find any solution.
>>> Any help will be great.
>>
>> I had to scale things back a bit in the VM guest that I use for development,
>> but here is what I'm seeing:
>>
>> ab -n 10000 -c 10 http://f14dev1.catseye.org/index.html
>> Time taken for tests:   2.579 seconds
>>
>> ab -n 10000 -c 10 https://f14dev1.catseye.org/index.html
>> Time taken for tests:   197.999 seconds
>>
>> This is a ratio ( time for HTTPS / time for HTTP ) of 76.77.  In your
>> original message, you had a ratio of 62.74.
>>
>>
>> The following Q&A observes the same thing, and it includes a number of
>> explanations:
>>
>> http://serverfault.com/questions/43692/how-much-of-a-performance-hit-for-https-vs-http-for-apache
>>
>>
>> In other words, there is likely not anything wrong with your configuration.
>>
>>
>> A final note:  the performance difference does seem to center around the TLS
>> session negotiation rather than encryption.  If I enable keepalive for my
>> benchmark, the time for HTTP decreases from 2.575 seconds to 1.437 seconds;
>> but the time for HTTPS drops from 197.999 seconds to 4.237 seconds (yes, 193
>> seconds quicker simply by reusing connections!)
>
> Whether using keepalive or not, you need a client that can reuse SSL
> sessions to better simulate real-world traffic (and of course perform
> reasonably).
>
> Does anyone know if either of the tools mentioned in this thread (ab,
> JMeter) do that, or do that when invoked/configured in a certain way?
>
> Next, mod_ssl needs to be caching sessions properly.
> Is an SSL session cache enabled?
> Even if so, it is worth using mod_ssl tracing to confirm that the
> combination of client/server behavior results in a reasonably high
> session cache utilization.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
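
One way to check session cache utilization from the server side, added here as an example (not code from this thread or from the httpd project): with `LogLevel debug` set, tally mod_ssl's session-cache lines from the error log. The log-line shape matched below, the sample lines and the name `cache_stats` are assumptions made for this sketch.

```python
import re
from collections import Counter

# Assumed message shape for mod_ssl's debug-level session-cache lines;
# confirm it against your own error log before relying on the counts.
CACHE_RE = re.compile(
    r"Inter-Process Session Cache: request=(?P<req>GET|SET) "
    r"status=(?P<status>\w+) id=(?P<sid>[0-9A-Fa-f]+)"
)

# Constructed sample lines (shortened session ids), not taken from the thread.
SAMPLE_LOG = """\
[debug] Inter-Process Session Cache: request=SET status=OK id=AA01 timeout=300s (session caching)
[debug] Inter-Process Session Cache: request=GET status=FOUND id=AA01 (session reuse)
[debug] Inter-Process Session Cache: request=GET status=FOUND id=AA01 (session reuse)
[debug] Inter-Process Session Cache: request=SET status=OK id=BB02 timeout=300s (session caching)
[info] some unrelated log line
[debug] Inter-Process Session Cache: request=GET status=MISSED id=CC03 (session renewal)
[debug] Inter-Process Session Cache: request=SET status=OK id=DD04 timeout=300s (session caching)
[debug] Inter-Process Session Cache: request=GET status=FOUND id=AA01 (session reuse)
"""

def cache_stats(lines):
    """Tally cache stores and lookups; hit_ratio is None when no client
    ever offered a session id (every handshake was a full one)."""
    counts = Counter()
    stored, reused = set(), set()
    for line in lines:
        m = CACHE_RE.search(line)
        if not m:
            continue  # not a session-cache line
        req, status, sid = m["req"], m["status"], m["sid"].upper()
        counts[(req, status)] += 1
        if (req, status) == ("SET", "OK"):
            stored.add(sid)
        elif (req, status) == ("GET", "FOUND"):
            reused.add(sid)
    hits, misses = counts[("GET", "FOUND")], counts[("GET", "MISSED")]
    lookups = hits + misses
    return {
        "new_sessions": counts[("SET", "OK")],
        "store_failures": counts[("SET", "BAD")],
        "hits": hits,
        "misses": misses,
        "hit_ratio": hits / lookups if lookups else None,
        "never_reused": len(stored - reused),  # stored but never resumed
    }

if __name__ == "__main__":
    print(cache_stats(SAMPLE_LOG.splitlines()))
```

A log with many stored sessions and no lookups at all points at a client that never offers a session id, rather than at the cache. Resumption through TLS session tickets does not perform a cache lookup, so it will not show up in these lines.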
