stunnel: Performance

Do you really need a hardware TLS accelerator? Check stunnel performance data below.

Data throughput ECDHE-RSA-AES128-GCM-SHA256688 MB/s5.5 Gbit/s
ECDHE-RSA-AES256-GCM-SHA384648 MB/s5.2 Gbit/s
ECDHE-RSA-AES128-SHA256244 MB/s2.0 Gbit/s
ECDHE-RSA-AES256-SHA384204 MB/s1.6 Gbit/s
DES-CBC3-SHA28 MB/s0.22 Gbit/s
New connections New session(1,2)750 conn/s
Resumed session(2)4 700 conn/s
PSK authentication(3)4 460 conn/s
Concurrent sessions Unix poll() / Win32over 10 000 tested(4)
Unix select()500
Memory usageResident Set Size (RSS)5 MB + 60 KB/conn


Performance was tested on:
  • Intel® Core™ i5-3570K CPU @ 3.40GHz
  • Ubuntu 14.10, kernel 3.18.11-031811-generic x86_64
  • OpenSSL 1.0.2a (built from source with gcc-4.9)
  • stunnel 5.16 running on a single CPU core (taskset -c 0)

(1) 2048-bit RSA certificate
(2) Negotiated encryption: ECDHE-RSA-AES256-GCM-SHA384
(3) Negotiated encryption: PSK-AES256-CBC-SHA
(4) In order to handle N concurrent connections on a Unix platform, stunnel requires nfile (ulimit -n) to be higher than 2*N, and nproc (ulimit -u) to be higher than N.

View Michal Trojnara's profile on LinkedIn

OpenSSL

Valid HTML 4.01 Transitional

Sponsor links:

Meaning of Names