With haproxy 1.5-dev23 and no DH parameters in the cert file:
$ ab -n1000 -c100 -Z ECDHE-RSA-AES256-GCM-SHA384,2048,256 https://127.0.0.1/

Requests per second:    427.94 [#/sec] (mean)
Time per request:       233.679 [ms] (mean)
[...]
The same test with 1024-bit DH parameters in the cert file:
$ ab -n1000 -c100 -Z DHE-RSA-AES256-GCM-SHA384,2048,256 https://127.0.0.1/

Requests per second:    290.67 [#/sec] (mean)
Time per request:       344.027 [ms] (mean)

That's a bit strange. Are you using the same 1024-bit DH parameters in the cert file as the ones that are hardcoded in 1.5-dev22 and 1.5-dev24? Because then I would have expected the same results.

I tried to reproduce your tests with siege by comparing dev-22 without DH parameters in the cert file and -dev23 with those:

-----BEGIN DH PARAMETERS-----
MIGHAoGBAJJAJDXDoS5E03MNjnjK36eOL1tRqVa/9NuOVlI+lpXmPjJQbP65EvKn
fSLnG7VMhoCJO4KtG88zf393ltP7loGB2bofcDSr+x+XsxBM8yA/Zj6BmQt+CQ9s
TF7hoOV+wXTT6ErZ5y5qx9pq6hLfKXwTGFT78hrE6HnCO7xgtPdTAgEC
-----END DH PARAMETERS-----

I get roughly the same CPS (forcing haproxy to provide only DHE key exchange with the ciphers keyword) for both versions, which seems logical.

--
Rémi Gacogne

Aqua Ray
SAS au capital de 105.720 Euros
RCS Creteil 447 997 099
www.aquaray.fr

14, rue Jules Vanzuppe
94854 IVRY-SUR-SEINE CEDEX (France)
Tel : +33 1 84 04 04 05
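
One way to check the point raised in the message above (which DH group a cert file actually carries, and whether two files carry the same one), as an added example that is not part of the original message or of haproxy: it parses the quoted PEM block as a PKCS#3 DHParameter structure and reports the prime size and generator. The function names are made up for illustration.

```python
import base64
import re

# DH parameters block quoted in the message above.
PEM = """-----BEGIN DH PARAMETERS-----
MIGHAoGBAJJAJDXDoS5E03MNjnjK36eOL1tRqVa/9NuOVlI+lpXmPjJQbP65EvKn
fSLnG7VMhoCJO4KtG88zf393ltP7loGB2bofcDSr+x+XsxBM8yA/Zj6BmQt+CQ9s
TF7hoOV+wXTT6ErZ5y5qx9pq6hLfKXwTGFT78hrE6HnCO7xgtPdTAgEC
-----END DH PARAMETERS-----"""

def _read_tlv(buf, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length

def parse_dh_params(pem_text):
    """Return (p, g) from the first 'DH PARAMETERS' block in pem_text."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)"
                  r"-----END DH PARAMETERS-----", pem_text, re.S)
    if m is None:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    seq, _ = _read_tlv(der, 0, 0x30)      # SEQUENCE { p, g }
    p_bytes, pos = _read_tlv(seq, 0, 0x02)  # INTEGER prime
    g_bytes, _ = _read_tlv(seq, pos, 0x02)  # INTEGER generator
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")

def describe(pem_text):
    """Summarise the group: prime size in bits and generator."""
    p, g = parse_dh_params(pem_text)
    return {"bits": p.bit_length(), "generator": g}

def same_group(pem_a, pem_b):
    """True when both inputs carry the same prime and generator."""
    return parse_dh_params(pem_a) == parse_dh_params(pem_b)

if __name__ == "__main__":
    print(describe(PEM))
```

Because `parse_dh_params` searches for the block rather than expecting it at the start, the whole contents of a cert file (certificate, key and DH parameters) can be passed in directly.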
