Hi, On 18.08.2014 18:45, Lukas Tribus wrote: > Hi, > > >> Have you run any performance benchmark against those SSL libraries? > No, I didn't. > > > In fact the boringssl build is not optimized for production use, it > would need some manual changes before building. What about polarssl or cyassl ? Whats your opinion about that if you going to reduce footprint (e.g. size if the lib) > LibreSSL should be quite ok, here's a benchmark with nginx: > https://www.mare-system.de/blog/page/1405201517/ mare-systems do a good job, but they only focus on ninx. But if you take a closer look at ningx you will see that you have to pay for some features. Recently I packaged nginx again for OpenWrt and saw these nasty things. Maybe we could write an blog post about configuring haproxy to achive an A+ at ssllabs and explain the drawbacks that comes with it? E.g. Kicking Support for older browsers like ie on Windows XP?
The same thing can also be achieved with stud and openssl in conjunction with haproxy. > > Regards, > > Lukas > just my 2 cents, thomas
