top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

SSL/TLS speed vs lighttpd

+1 vote
621 views

Is it possible to speed up httpd ssl? In my tests serving a static file compared to lighttpd, lighttpd is about 7.5 times faster.

I used a default httpd configuration and the way i did my test was:

cd /document/root
mkdir -p ram
mount -t tmpfs -osize=512M tmpfs ram/
cd ram
dd if=/dev/urandom of=file.bin

wget --no-check-certificate https://localhost/file.bin -O /dev/null

My test system here is linux 3.9.11 on Intel i5 760 @ 2.80GHz

lighttpd does about 135 MB/sec
apache httpd does 17.5 MB/sec

changing apache httpd.conf with:

SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on

apache httpd then does 18 MB/sec.

checking with google chrome, with default configurations, both lighttpd and apache httpd negotiate TLS 1.1. AES 256 The self signed certificate file apache httpd and lighttpd is identical. Both are linked
to the same openssl libs.

I want to use apache httpd on a LAN with gbit speed, serving files, and using WebDAV. When using embedded ARM processor @ 1ghz apache httpd is doing about 4MB/sec.

Any tips here? Is the apache httpd doing a lot of copies of the data from one buffer to another in the code that would be possible to optimize out?

I would prefer apache httpd, as the webdav compatibility is very good, vs lighttpd webdav is not fully implemented.

posted Aug 6, 2013 by Sheetal Chauhan

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button

Similar Questions
+2 votes
SSL Library Error with TLS enabled

I'm trying to set TLS protocol with the next parameter into the ssl.conf file: 

 SSLProtocol all -SSLv2 -SSLv3

but then my web application fails. I only can see next error in log file 

[info] SSL library error 1 in handshake (server my.server:443, client xx.xx.xx.xx)
[info] SSL Library Error: 336027900 error:140760FC:SSL routines:func(118):reason(252)
[info] Connection to child 4 closed with abortive shutdown(server my.server:443, client xx.xx.xx.xx)

I can`t see as well, into the customlog file, a "GET" that I can see when all protocols are enabled (no forcing TLS): 

10.5.137.162 - - [03/Feb/2015:09:30:47 0100] "GET /application/resources/css/template_v6.0.xsl HTTP/1.0" 200 28323

Any help will be appreciated

0 votes
How to access multiple virtual hosts with a single SSL instance?

How to use multiple virtual hosts with a single SSL instance running on the standard https port.

+1 vote
ssl on tomcat: making all links also https

I'm using apache 2.2 as front end and apache tomcat 6.0.37 as backend. I'm using mod_jk for connecting them.

The problem is. I'm using ssl certificates and configured ssl on apache. when I connect the site with https it works but when I click on an link it no more secure i.e. its not secure browsing anymore.

My requirement is as follows.

If user connects as https all the links should work as https. If the user connects as http all the links should work as http is such thing is possible?

+4 votes
Trouble installing renewed SSL certificate with Apache

The ssl cert on my apache server have expired. It is actually a server at work - a important one as well so I'm a bit stressed at the moment.

The cert is renewed and I have received the cert files. I'm now trying to install them but I can't get it to work.

I thought it was as simple as just copying the new crt file to the server and restart apache but apache start fails.

I see this in the log:

509 certificate routines:X509_check_private_key:key values mismatch

Server: Apache 2.2.22 on Ubuntu 12.04. How does one install a renewed ssl cert? Do I need to create a new private key and ca-bundle? Please point me in the right direction.

+1 vote
Apache: Virtual Hosts and SSL Puzzler

I have 3 virtual hosts that for all I can see are configured identically other the the obviously needed differences. The same is true of the 3 crt files.

 ServerName public.mydomain.com
 DocumentRoot /var/www/html
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/public.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

 ServerName distrib.mydomain.com
 DocumentRoot /var/www/html/distrib
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/distrib.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

 ServerName mail.mydomain.com
 DocumentRoot /usr/local/squirrelmail/www
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/mail.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

The problem is that 2 of them work perfectly and the lock shows up in the browser. With the third (public), I get a gray globe indicating partial encryption which does not prevent eavesdropping. I have no clue
how to debug this or even where to look. Can someone point me in the right direction?

...