What I said still applies. The only difference is that there is (substantially) less overhead on a new http connection compared to https.
Keepalive is quite likely to be the reason for the substantial performance deviation between your two tests. -JohnF On 2011 11 12 22:46, "David Prothero" <[email protected]> wrote: > Thanks for that tip. I will keep an eye out for that when we begin our SSL > performance testing. Currently, however, the delay is with regular http > connections directly to haproxy. > > David > > Wout Mertens <[email protected]> wrote: > > On Nov 11, 2011, at 17:43 , David Prothero wrote: > > The local test showed a very small (and more than acceptable) overhead of > 7ms for the entire page load (all 29 requests) when going through HAProxy. > However, tests from longer distances over various IP’s showed an overhead > that seemed to be proportional to the amount of latency in the connection. > Typical overhead times we are seeing from various locations (both from > enterprise and consumer grade connections) are around 200-400ms.**** > > > Delay values of multiples of 200ms are due to the Nagle algorithm. Try > adding > > socket=l:TCP_NODELAY=1 > socket=r:TCP_NODELAY=1 > > to your stunnel configuration. > > Wout. >
