[stunnel-users] SSL Session Cache and HTTPS performance

Brian Hatch bri at stunnel.org
Tue Jul 19 06:26:32 CEST 2005

> I would like to test the performance difference between enabled and 
> disabled SSLCaching. I use a configuration file for Stunnel 4.11 (daemon 
> mode) where I tell it to accept incoming connections on port 444 and 
> direct them to a local web-server on port 80.


Find code like this in the stunnel source:

	    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);

            SSL_set_session(c->ssl, ctx->session_cache_head))

and comment any occurances out.  Recompile.  Should do the trick.

> Another question is if anyone of you has made any performance tests 
> regarding STunnel in combination with an Apache HTTP server on the same 
> machine. I'm specially interested in modes to get this combination run 
> faster. And now please do not tell me to use mod_ssl. :)

Benchmark different key lengths and ciphers until you find the one
that's fastest.

And use session caching!

Brian Hatch                  Whatever hits the
   Systems and                fan will not be
   Security Engineer          evenly distributed.

Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20050718/989cefff/attachment.sig>

More information about the stunnel-users mailing list