sorry, write by mistake
TLSv1.2,AES256-GCM-SHA384 : the server can handle more than 1500 requests per
second(cpu : 99%)。
TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 : the server can ONLY handle less then
1400 requests per second(cpu :99%)。
At 2017-09-27 08:52:01, "李明" wrote:
The environment is quite simple,client use apachebench to test the performance
of a https server
the apachebench command is like this: ab -c 500 -n 100 https://xx.xx.xx.xx/
TLSv1.2,AES256-GCM-SHA384 : the server can handle more than 1500 requests per
second(cpu : 99%)。
TLSv1.2
Obviously, the DH Ephemeral ciphersuites consist of a (sometimes
fast) DH step PLUS an RSA or ECDSA step to confirm the identity of
the server, while the slightly less secure RSA suites only do the
RSA step. DH+ECDSA requires an ECDSA certificate, which won't
work for clients that require RSA
I am curious about this statement that "(EC)DHE cost much more resources
than RSA". In particular, ECDHE is supposed to be less
computation-intensive than RSA for a given security level, so it would
be interesting to hear what your setup is where the reverse is supposed
to be observed.
-Ben
On
just find it,
server respect client's cipher preference by default,
it selects the suite preferred by client among the cipherlist that both the
client and server support.
so it's not enough to just increase RSA cipher priority on server side ,
SSL_OP_CIPHER_SERVER_PREFERENCE will make
Hello,
Currently, openssl prefer (EC)DHE handshakes over plain RSA, but (EC)DHE
cost much more resouces than RSA.
In order to get higher performance , I want to prioritize RSA related
ciphers, does anyone knows how to do it.
I have tried cipherlist