> Ok i can see it now, thanks. I will try to find out when is my django app > actually using ssl_fc_session_id, but I haven't understood after all how > is an empty ssl_fc_session_id related to haproxy low performance? > > Evie >
hi Evie, When no SSL Session ID is sent, the server has to compute a key, while it can resume a previous session when the session ID is provided by the client. More info here: http://blog.haproxy.com/2011/09/16/benchmarking_ssl_performance/ Keep in mind on a single core of a modern CPU, you can compute around 700 keys per second (with a private key size of 2048 bits) and you can do 12000 TPS (TLS1.2) (when the SSL session ID is provided). So SSL performance depends on your work load. If your service is a webservice where clients get connected, and disappear, you'll have a few hundreds req/s. If you host a webste with many objects, then you'll have many thousends req/s. Baptiste
