stunnel: Performance

Do you really need a hardware TLS accelerator? Check stunnel performance data below.

Data throughput ECDHE-RSA-AES128-GCM-SHA256400 MB/s3.2 Gbit/s
ECDHE-RSA-AES256-GCM-SHA384380 MB/s3.0 Gbit/s
RC4-MD5220 MB/s1.8 Gbit/s
ECDHE-RSA-AES256-SHA384103 MB/s0.8 Gbit/s
ECDHE-RSA-AES128-SHA25685 MB/s0.68 Gbit/s
DES-CBC3-SHA16 MB/s0.13 Gbit/s
New connections New session(1,2)580 conn/s
Resumed session(2)5 200 conn/s
PSK authentication(3)5 000 conn/s
Concurrent sessions Unix poll() / Win32over 10 000 tested(4)
Unix select()500
Memory usageResident Set Size (RSS)5 MB + 60 KB/conn

Performance was tested on:
  • Intel(R) Core(TM) i7-2637M CPU @ 1.70GHz
  • Ubuntu 14.04 LTS, kernel 3.16.7-991-generic
  • OpenSSL 1.0.1f-1ubuntu2.7
  • stunnel 5.09 running on two cores (taskset -c 0,2)

(1) 2048-bit RSA certificate
(2) Negotiated encryption: ECDHE-RSA-AES256-GCM-SHA384
(3) Negotiated encryption: PSK-AES256-CBC-SHA
(4) In order to handle N concurrent connections on a Unix platform, stunnel requires nfile (ulimit -n) to be higher than 2*N, and nproc (ulimit -u) to be higher than N.

View Michal Trojnara's profile on LinkedIn


Valid HTML 4.01 Transitional