> When we do a speed test without OpenSSL (TWSocketClient > connecting to TCustomMultiListenWSocketServer) we get speeds of > ~8MB/s. Since we're connected to a 100MPS LAN, this sounds is > great. When we do the same test using OpenSSL on the same network, > the speed drops to around 300kB/s.
Testing my DUN Manager software, which uses my TMagHttp component uses ICS OpenSSL, I can test against IIS/8 and my public (www) server and ICS (www3) web server on my local server (which is publicly accessible): http://www3.telecom-tariffs.co.uk/testing/speed50meg.zip Download OK, size: 48.8 Mbytes, duration 0:08, average speed 6.04M/sec http://www.magsys.co.uk/download/testing/speed50meg.zip Download OK, size: 48.8 Mbytes, duration 0:15, average speed 3.13M/sec https://www3.telecom-tariffs.co.uk/testing/speed50meg.zip SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange ECDH, encryption AESGCM(128), message authentication AEAD Download OK, size: 48.8 Mbytes, duration 0:03, average speed 12.8M/sec https://www.magsys.co.uk/download/testing/speed50meg.zip SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-SHA384, key exchange ECDH, encryption AES(256), message authentication SHA384 Download OK, size: 48.8 Mbytes, duration 0:17, average speed 2.86M/sec So I seem to get fast SSL connection locally, and slightly slower from the public server (100 Mbit only). www.telecom-tariffs.co.uk is the public ICS web server, but I only get 50K since it's IPv6 over two SixXS tunnels for me, so horribly slow. You can access all these URLs yourself, or similar FTP versions using the ICS FTP server. SSL connection speed is slow, due to passing and checking certificates and negotiating encryption. And very slow if you check for certificate revocation since that requires an HTTP lookup to the issuer. Actual streaming throughput is expected to be slower due to the actual encryption overhead, and this depends on server CPU overhead, CPU type (some have special instructions) and whether OpenSSL engines are used to speed up encryption. Commercial web sites may separate web server and SSL encryption on different hardware. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
