On Thu, Mar 31, 2011 at 7:56 AM, Mark Montague <mark@xxxxxxxxxxx> wrote: > On March 30, 2011 19:44 , Ishita Kapadiya <ishimegh@xxxxxxxxx> wrote: >> >> Hi Mark, >> >> Thanks for your suggestion. I tried below settings in httpd.conf - >> >> <IfModule ssl_module> >> #SSLRandomSeed startup builtin >> #SSLRandomSeed connect builtin >> SSLRandomSeed startup file:/dev/urandom 1024 >> SSLRandomSeed connect file:/dev/urandom 1024 >> </IfModule> >> >> the commented line was there when I initially posted my query and now >> I changed it with mentioned lines. But still got the same result. >> Even i tried with /dev/random option but that option didn't work at >> all (may be not supported with my OS config) >> Could you or anyone please help me to resolve this problem. I want to >> resolve it. I tried to google it but couldn't find any solution. >> Any help will be great. > > I had to scale things back a bit in the VM guest that I use for development, > but here is what I'm seeing: > > ab -n 10000 -c 10 http://f14dev1.catseye.org/index.html > Time taken for tests: 2.579 seconds > > ab -n 10000 -c 10 https://f14dev1.catseye.org/index.html > Time taken for tests: 197.999 seconds > > This is a ratio ( time for HTTPS / time for HTTP ) of 76.77. In your > original message, you had a ratio of 62.74. > > > The following Q&A observes the same thing, and it includes a number of > explanations: > > http://serverfault.com/questions/43692/how-much-of-a-performance-hit-for-https-vs-http-for-apache > > > In other words, there is likely not anything wrong with your configuration. > > > A final note: the performance difference does seem to center around the TLS > session negotiation rather than encryption. If I enable keepalive for my > benchmark, the time for HTTP decreases from 2.575 seconds to 1.437 seconds; > but the time for HTTPS drops from 197.999 seconds to 4.237 seconds (yes, 193 > seconds quicker simply by reusing connections!) Whether using keepalive or not, you need a client that can reuse SSL sessions to better simulate real-world traffic (and of course perform reasonably). Does anyone know if either of the tools mentioned in this thread (ab, JMeter) do that, or do that when invoked/configured in a certain way? Next, mod_ssl needs to be caching sessions properly. Is an SSL session cache enabled? Even if so, it is worth using mod_ssl tracing to confirm that the combination of client/server behavior results in a reasonably high session cache utilization. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|