如何提高服务器SSL性能 [英] How can I increase server SSL performance
问题描述
我已在代理服务器上启用SSL,发现性能已从每秒约17,000个请求降至每秒5k个请求.我按照Netty的安全聊天示例中的代码进行操作,但我认为我所做的任何事情都没有不同.
I've enabled SSL on my proxy server and found that the performance has dropped from around 17k requests per second to 5k request per second. I followed the code in Netty's secure chat example and I don't think I've done anything differently.
我写了一个虚拟服务器,看我是否在代理服务器上犯了一些错误.在正常的http模式下运行虚拟SSL服务器每秒可以处理约5万个请求.当我在虚拟服务器上启用SSL时,每秒下降28,000个请求.
I've written a dummy server to see if I've made some mistakes on my proxy. Running the dummy SSL server in normal http mode is capable of around 50k request per second. When I enable SSL on the dummy server that drops to 28k requests per second.
我在做错什么吗?有什么我想念的吗?
Is there anything I'm doing wrong? Is there something I'm missing?
我正在使用JDK 6编译在JDK 7u4上运行的代码.我也在使用Netty-3.5.0. 我正在使用zeusbench进行测试.测试参数为:zeusbench -n 10000 -c 100 -k -C RC4_SHA"https:///"
I'm using JDK 6 to compile the code, running on JDK 7u4. I'm using Netty-3.5.0 as well. I'm using zeusbench to run the test. The test parameters are: zeusbench -n 10000 -c 100 -k -C RC4_SHA "https:///"
来源: http://pastebin.com/iahqr3zT
我已经通过JProfiler运行了虚拟服务器. 管道工厂中的SSLContext.createSSLEngine调用(平均)需要55.005微秒(该平均值是根据540次方法调用得出的).
Edit 1: I've run the dummy server through JProfiler. The SSLContext.createSSLEngine call in the pipeline factory takes (on average) 55,005 microseconds (that average has been calculated from 540 invocations of the method).
channelConnected中的SslHandler.handshake调用平均需要46,284微秒(该平均值是根据540次方法调用得出的).
The SslHandler.handshake call in channelConnected takes (on average) 46,284 microseconds (that average has been calculated from 540 invocations of the method).
我知道Netty不能对createSSLEngine进行调用,但是SslHandler.handshake是否可以进行更好的调整?它花费的时间几乎与引擎本身的产生时间相同.
I understand there isn't much Netty can do about the call to createSSLEngine, but could the SslHandler.handshake be tuned any better? Its taking almost as long as the generation of the engine itself.
推荐答案
您可以尝试对现有连接重新使用ssl会话,这样可以减少ssl握手,应该会给您带来一般的推动作用.
You could try re-using ssl sessions for existing connections, this reduces the ssl handshake and should give you a general boost.
这篇关于如何提高服务器SSL性能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
