On Monday, October 31, 2011 02:57:01 PM Avner Flesch wrote: > Thanks > > I have big improvement.
What did you use? How much did performance improve? > Do you have idea also how to short the authentication delay? If you don't already, I'd first try to use a short(er) private key (for example, 1024 bit -- you can try less, but it won't be really secure anymore). Happy hacking, Christian > Thanks > > Avner > > -----Original Message----- > From: Christian Grothoff <[email protected]> > Reply-to: libmicrohttpd development and user mailinglist > <[email protected]> > To: libmicrohttpd development and user mailinglist > <[email protected]> > Subject: Re: [libmicrohttpd] HTTPS delay > Date: Sun, 30 Oct 2011 18:53:11 +0100 > > On 10/30/2011 06:12 PM, Avner Flesch wrote: > > Thanks for the fast reply. > > I am using Linux on powerpc 875 (50 MHz). > > Then 6s could totally be encryption. This article might be a good start > for cipher choices: > > http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ > > Also make sure that you compiled libgcrypt with optimizations (-O3). > > Best regards, > > Christian > > > -----Original Message----- > > From: Christian Grothoff<[email protected]> > > Reply-to: libmicrohttpd development and user mailinglist > > <[email protected]> > > To: [email protected] > > Subject: Re: [libmicrohttpd] HTTPS delay > > Date: Sun, 30 Oct 2011 17:56:01 +0100 > > > > On 10/30/2011 05:16 PM, Avner Flesch wrote: > >> Hi, > >> > >> I am developing simple secured HTTP (HTTPS) server for embedded system. > >> It seems that the delay is rather long - for example ~230 KB file delay > >> is almost 6 seconds. > >> Is there a way to speed it up? > > > > On an embedded system, I suspect the main contributor to latency is CPU > > time for the cryptographic operations (you didn't say what kind of > > embedded system, so it's hard for me to say if 6s is good or bad). > > > > You could configure MHD to use different (faster) ciphers, which may > > give you significant performance improvements (if CPU speed is the > > problem). Google's choices for HTTPS might be a good starting point. > > > > Changing the default cipher suite in MHD is done using > > MHD_OPTION_HTTPS_PRIORITIES followed by a string specifying the ciphers > > (see 'gnutls_priority_init' documentation for the format of that string). > > > > Other than that, there is little you can do: HTTPS is slow, and I'm > > generally pretty sure that MHD and GNUtls are about as fast as they can > > be (so switching to a different HTTP(S) server would also most likely > > not help you --- unless that server uses a different cipher suite by > > default, and in that case you could just use the option I gave above). > > > > Happy hacking! > > > > Christian
