Am 21.02.2014 14:13, schrieb Dr Stephen Henson: > On 21/02/2014 13:02, Jeff Trawick wrote: >> Including [email protected]... >> >> Is anybody else seeing the same behavior? Looking at the documentation, 2.4.7 >> has gained some performance improvements, but I’m seeing something different >> on >> my end > > Perhaps it's the increased DH parameter size? If it has increased from 1024 > bits > to 2048 that would have a significant effect. > > OpenSSL 1.0.2 s_client can help check this, if you do: > > openssl s_client -connect www.host.com:443 > > it says (among lots of other stuff): > Server Temp Key: DH, xxxx bits
most likely, on the other hand clients using DHE instead ECDHE are rare these days, the others are using no PFS at all HTTP OK: Status line output matched "200" - 19091 bytes in 0.023 second response time |time=0.022968s;2.000000;3.000000;0.000000 size=19091B;;;0 is in any case not that fast since i see response times around 0.003 to 0.010 seconds on CMS page with db-backends, below a https-ab-benchmark on a statical image with a 4096 Bit RSA which is most likely larger than 99% out there Server Hostname: secure.thelounge.net Server Port: 443 SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,4096,128 Document Path: ************************************** Document Length: 11019 bytes Concurrency Level: 100 Time taken for tests: 39.741 seconds Complete requests: 10000 Failed requests: 0 Total transferred: 113840000 bytes HTML transferred: 110190000 bytes Requests per second: 251.63 [#/sec] (mean) Time per request: 397.413 [ms] (mean) Time per request: 3.974 [ms] (mean, across all concurrent requests) Transfer rate: 2797.39 [Kbytes/sec] received
signature.asc
Description: OpenPGP digital signature
