

More nginx/stunnel ssl testing - nginxorg
http://nginx.org/pipermail/nginx/2011-July/027960.html

======
jamwt
I'd just like to go on the record to say, chances are that what we're all
benchmarking here (stunnel/stud/nginx) is essentially openssl--and that,
unsurprisingly, when we use whatever contortions are necessary to get OpenSSL
set up in identical configurations within each daemon, the results are roughly
on par.

tl;dr -- we can probably all stop doing these benchmarks since we're largely
benchmarking the same thing.

~~~
jashkenas
If that's the case ... then it's a real problem.

The mainstream argument lately has been that SSL is so minimally
computationally intensive that it doesn't hurt to just use it by default for
all of your traffic. If piping your traffic through SSL is _so_
computationally intensive that it dominates your entire cross-webserver
benchmark ... then the mainstream argument can't possibly be true.

~~~
jvehent
_SSL is so minimally computationally intensive that it doesn't hurt to just
use it by default for all of your traffic_

May I ask where you got that from ?

SSL, or to be more accurate RSA, IS computationally intensive, but mostly at
the establishment of the session (you cannot do millions of multiplications on
a consumer grade CPU without expecting some delay and heat).

Once the connection is established, and can be reused/resumed, it's relatively
cheap.

------
mtrojnar
Real SSL clients are supposed to use SSL session resumption. Benchmarking with
a client that only negotiates new sessions hardly reflects real-life usage.

