> On Fri Apr 19 17:10:31 CEST 2013, Michal Trojnara Michal.Trojnara at mirt.net wrote:
> Hi PPingPongBaker,
> Could you repeat your tests with:
>    ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:!DH:-MEDIUM:RC4:+HIGH
> and
>    ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:!DH:!ECDH:-MEDIUM:RC4:+HIGH
> ?

> It might be interesting to see the performance with DH (and possibly
> also ECDH) ciphersuites completely disabled.

Hi Mike,
The best compilation of results on this topic that I have seen, and agree with, is at [1].
DHE modular exponentiation really hurts SSL performance; no wonder Google resorted to ECDHE.
[1] http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html


On Thu, Apr 18, 2013 at 12:02 PM, PPingPongBaker PPingPongBaker <ppingpongbaker@gmail.com> wrote:

It appears including static DH params in the certificate brings the performance back up in 4.40 and onward.

Would like to mark this RESOLVED.

Regards.


On Wed, Apr 17, 2013 at 11:29 PM, PPingPongBaker PPingPongBaker <ppingpongbaker@gmail.com> wrote:
Another data point, after a binary search across versions, keeping the OpenSSL version identical at 1.0.1e:

I see this performance regression between stunnel versions 4.39 and 4.40.

Regards.


On Wed, Apr 17, 2013 at 4:46 PM, PPingPongBaker PPingPongBaker <ppingpongbaker@gmail.com> wrote:

On Wed, Apr 17, 2013 at 12:23 PM, Janusz Dziemidowicz <rraptorr@nails.eu.org> wrote:
2013/4/17 PPingPongBaker PPingPongBaker <ppingpongbaker@gmail.com>:


> If you want to compare various stunnel versions, then use the same
> OpenSSL version. If you want to compare OpenSSL... then use the same
> stunnel version. The configuration you mentioned above doesn't make a
> lot of sense as it makes it hard to tell where the performance drop
> comes from. If you really must test such configuration, the best way
> would be to ensure the same TLS version (1.0, not 1.1 or 1.2, OpenSSL
> 1.0.1 defaults to 1.2) and the same cipher.


Hi Janusz,

As per your suggestions, and mea culpa for some stated results, here is a hopefully complete/better matrix, making sure that the CPU is pegged at 100% and with sslVersion = TLSv1 in stunnel.conf:

stunnel 4.29, OpenSSL 0.9.8o - ~300 requests per sec
stunnel 4.29, OpenSSL 1.0.1e - ~360 requests per sec
stunnel 4.56, OpenSSL 0.9.8o - ~100 requests per sec
stunnel 4.56, OpenSSL 1.0.1e - ~120 requests per sec

Regards.