Can you please run and post results for the following: openssl speed -elapsed rsa512
openssl speed -elapsed rsa512 -multi 4 My hunch, is your Apache numbers will be right near the multi results ,and your node.js requests per second will be right near the non-multi. I've tested locally, and that is the behavior that I saw. This is because Node.js is running all of the RSA operatons in the single event loop thread, while Apache is using multiple processes or threads, and TLS negotiation is an inherently CPU bound operation. I was unable to reproduce the issue with Session resumption. From everyone I can tell, Node.js is setting the right options for OpenSSL to use its built in SSL Session cache, which has a default limit of 20,000 entries. You can test this by running: openssl s_client -connect 127.0.0.1:8443 -reconnect And looking at the values of the Session-ID line. On Tue, Feb 28, 2012 at 3:21 PM, Kelly Fox <atinyfis...@gmail.com> wrote: > After speaking a bit with Isaac on IRC, he convinced me to post here. :) > > I compared node's SSL handshaking performance to Apache 2.2 on the same > hardware and node's performance seemed lower than I'd expected. Node was > getting about 600-650 handshakes per second while Apache 2.2 was getting > about 2000. I ran each test for 30 seconds to see if performance was > sustained. After digging into the packet captures a bit, it looks like node > does not reuse Session IDs when the client offers a previously-negotiated > ID. Other SSL-capable web servers, e.g. Apache and lighttpd, do. > > Adding the option to reuse session IDs would theoretically make node's > performance jump appreciably higher. > > My server setup: > > Fedora 16 with latest updates at the time of this post > node.js v0.6.11 (installed via the repo at nodejs.tchol.org) > Apache 2.2.22 (httpd-2.2.22-1.fc16.x86_64) > RSA_With_3DES_EDE_CBC_SHA cipher > 512-bit encryption > SSLv3 (not TLSv1) > Tweaks to my kernel params per the attached file > Bastardized Apache config per the attached file > No network traffic on the NIC other than test traffic > No other apps appreciably sucking CPU > Server hardware: quad-core Xeon @3.60GHz, 8GB RAM, 1Gb NIC > > The node.js code I used is here: https://gist.github.com/1934981 > > The "clients" I used were actually simulated using dedicated > application/network simulation equipment. The clients were configured to > simply perform an SSL handshake , then close the connection with a reset. I > used a single source IP address with a varying source port range (ports > 1024-65535). > > I'd be happy to run more tests or provide more details if needed. > > Regards, > Kelly
