[stunnel-users] SSL Session Cache and HTTPS performance

Daniel Hamburg daniel.hamburg at iis.rub.de
Tue Jul 19 10:12:35 CEST 2005

Hey Brian,

thanks for the fast reply.

> Find code like this in the stunnel source:
> 	    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
>             SSL_set_session(c->ssl, ctx->session_cache_head))
> and comment any occurances out.  Recompile.  Should do the trick.
I did that. Found the first instruction in SSL.c and the second in 
client.c. Commenting them out and recompilation did not help. STunnel 
still uses Caching.
Correct me if I'm wrong, but afaik STunnel uses OpenSSL to handle SSL 
related things. I think OpenSSL uses a pre defined Session Timer of 300 
  s and simply commenting out the code in STunnel does not prevent 
OpenSSL from using his default value. We tried also to change the code 
and comment the check, if the session timer is at least equal to 1, out, 
but that still did not help.

> Benchmark different key lengths and ciphers until you find the one
> that's fastest.
> And use session caching!
Yes, we tried different parameters, but mod_ssl is about 50% faster than 
STunnel and Apache. But I think, that is quite normal.


More information about the stunnel-users mailing list