After speaking a bit with Isaac on IRC, he convinced me to post here. :)

I compared node's SSL handshaking performance to Apache 2.2 on the same hardware and node's performance seemed lower than I'd expected. Node was getting about 600-650 handshakes per second while Apache 2.2 was getting about 2000. I ran each test for 30 seconds to see if performance was sustained.

After digging into the packet captures a bit, it looks like node does not reuse Session IDs when the client offers a previously-negotiated ID. Other SSL-capable web servers, e.g. Apache and lighttpd, do. Adding the option to reuse session IDs would theoretically make node's performance jump appreciably higher.

My server setup:

- Fedora 16 with latest updates at the time of this post
- node.js v0.6.11 (installed via the repo at nodejs.tchol.org)
- Apache 2.2.22 (httpd-2.2.22-1.fc16.x86_64)
- RSA_With_3DES_EDE_CBC_SHA cipher
- 512-bit encryption
- SSLv3 (not TLSv1)
- Tweaks to my kernel params per the attached file
- Bastardized Apache config per the attached file
- No network traffic on the NIC other than test traffic
- No other apps appreciably sucking CPU
- Server hardware: quad-core Xeon @3.60GHz, 8GB RAM, 1Gb NIC

The node.js code I used is here: https://gist.github.com/1934981

The "clients" I used were actually simulated using dedicated application/network simulation equipment <http://www.breakingpointsystems.com/cyber-tomography-products/breakingpoint-firestorm-ctm/>. The clients were configured to simply perform an SSL handshake, then close the connection with a reset. I used a single source IP address with a varying source port range (ports 1024-65535).

I'd be happy to run more tests or provide more details if needed.

Regards,
Kelly
apache22SSL-config.tgz
Description: GNU Unix tar archive
sysctl.conf
Description: Binary data
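
Added example (not part of the original post and not node's own code): the packet-capture check described in the post, as a small Node.js script that reads the session_id from a ClientHello and the ServerHello answering it and reports whether the server reused the offered ID. It assumes ID-based resumption as in SSLv3 through TLS 1.2 and that each hello starts its own record; buildHello, the function names and the sample bytes are constructed for illustration.

```javascript
// Added example: spot session-ID reuse from raw SSLv3/TLS <= 1.2 hello records.
const HANDSHAKE = 22, CLIENT_HELLO = 1, SERVER_HELLO = 2;

// Extract the session_id from one record (a Buffer) that starts with a hello message.
function helloSessionId(rec) {
  if (rec.length < 5 + 4 + 2 + 32 + 1) throw new Error('record too short');
  if (rec[0] !== HANDSHAKE) throw new Error('not a handshake record');
  const recLen = rec.readUInt16BE(3);
  if (rec.length < 5 + recLen) throw new Error('truncated record');
  const type = rec[5];
  if (type !== CLIENT_HELLO && type !== SERVER_HELLO) throw new Error('not a hello message');
  // Skip record header (5), handshake header (4), version (2), random (32).
  const idLenAt = 5 + 4 + 2 + 32;
  const idLen = rec[idLenAt];
  if (idLen > 32 || idLenAt + 1 + idLen > 5 + recLen) throw new Error('bad session_id length');
  return { type, sessionId: rec.subarray(idLenAt + 1, idLenAt + 1 + idLen).toString('hex') };
}

// Resumption is signalled by the ServerHello echoing the ID the client offered.
function classifyHandshake(clientHello, serverHello) {
  const c = helloSessionId(clientHello), s = helloSessionId(serverHello);
  if (c.type !== CLIENT_HELLO || s.type !== SERVER_HELLO) throw new Error('wrong message order');
  if (c.sessionId === '') return 'full: no session ID offered';
  return c.sessionId === s.sessionId ? 'resumed' : 'full: offered session ID not reused';
}

// Constructed sample builder (not captured traffic): SSLv3 hello with a zeroed random.
function buildHello(type, sessionIdHex) {
  const id = Buffer.from(sessionIdHex, 'hex');
  const tail = type === CLIENT_HELLO
    ? Buffer.from([0x00, 0x02, 0x00, 0x0a, 0x01, 0x00]) // one suite (0x000a, RSA 3DES), null compression
    : Buffer.from([0x00, 0x0a, 0x00]);                   // chosen suite, null compression
  const body = Buffer.concat([Buffer.from([3, 0]), Buffer.alloc(32), Buffer.from([id.length]), id, tail]);
  const hs = Buffer.concat([Buffer.from([type, 0, body.length >> 8, body.length & 0xff]), body]);
  return Buffer.concat([Buffer.from([HANDSHAKE, 3, 0, hs.length >> 8, hs.length & 0xff]), hs]);
}

const offered = 'ab'.repeat(32); // constructed 32-byte session ID
const samples = {
  reuse: classifyHandshake(buildHello(CLIENT_HELLO, offered), buildHello(SERVER_HELLO, offered)),
  noReuse: classifyHandshake(buildHello(CLIENT_HELLO, offered), buildHello(SERVER_HELLO, 'cd'.repeat(32))),
  first: classifyHandshake(buildHello(CLIENT_HELLO, ''), buildHello(SERVER_HELLO, offered)),
};
console.log(samples);
```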