[stunnel-users] SSL Session Cache and HTTPS performance

• Previous message (by thread): [stunnel-users] SSL Session Cache and HTTPS performance
• Next message (by thread): [stunnel-users] smtps problem on Fedora Core 4
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey Brian,

thanks for the fast reply.

> Find code like this in the stunnel source:
> 
> 	    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
> 
>             SSL_set_session(c->ssl, ctx->session_cache_head))
> 
> and comment any occurances out.  Recompile.  Should do the trick.
I did that. Found the first instruction in SSL.c and the second in 
client.c. Commenting them out and recompilation did not help. STunnel 
still uses Caching.
Correct me if I'm wrong, but afaik STunnel uses OpenSSL to handle SSL 
related things. I think OpenSSL uses a pre defined Session Timer of 300 
  s and simply commenting out the code in STunnel does not prevent 
OpenSSL from using his default value. We tried also to change the code 
and comment the check, if the session timer is at least equal to 1, out, 
but that still did not help.

> Benchmark different key lengths and ciphers until you find the one
> that's fastest.
> And use session caching!
Yes, we tried different parameters, but mod_ssl is about 50% faster than 
STunnel and Apache. But I think, that is quite normal.

Greetings,
  Daniel

• Previous message (by thread): [stunnel-users] SSL Session Cache and HTTPS performance
• Next message (by thread): [stunnel-users] smtps problem on Fedora Core 4
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]