ssl_session_cache in Nginx and the ab benchmark

31 December 2010   2 comments   Linux, DoneCal

Mind That Age!

This blog post is 8 years old! Most likely, its content is outdated. Especially if it's technical.

A couple of days ago I wrote about how blazing fast the DoneCal API can be on HTTP (1,400 requests/second) and how much slower it becomes when doing the same benchmark over HTTPS. It was, as Chris Adams pointed out, possible to run ab with Keep-Alive on and after some reading up it's clear that it's a good idea to switch on shared ssl_session_cache so that Nginx's SSL TCP traffic can cache some handshakes.

With ssl_session_cache shared:SSL:10m :

 Requests per second:    112.14 [#/sec] (mean)

Same cache size but with -k on the ab loadtest:

Requests per second:    906.44 [#/sec] (mean)

I'm fairly sure that most browsers with use Keep-Alive connections so I guess it's realistic to use -k when running ab but since this is a test of an API it's perhaps more likely than not that clients (i.e. computer programs) don't use it. To be honest I'm not really sure but it never the less feels right to be able to use ssl_session_cache to boost my benchmark by 40%.

It's also worth noticing that when doing a HTTP benchmark it's CPU bound on the Tornado (Python) processes (I use 4). But when doing HTTPS it's CPU bound on the Nginx itself (I use 1 worker process).



Nice post but I have one question about it.
In which version was the ApacheBench which you used for this test?

I tried the 2.3 but the results was the same (I verified wih gnutls-cli the SSL session is really reused).

Peter Bengtsson
I'm afraid it was so long ago that I no longer remember. In fact, I'm using a completely different work laptop at the moment for this.

Your email will never ever be published

Related posts

Speed of DoneCal API (over 1,400 request/sec) and HTTPS (less than 100 request/sec) 27 December 2010
ToDo apps I gave up on in 2010 03 January 2011
Related by Keyword:
Be very careful with your add_header in Nginx! You might make your site insecure 11 February 2018
How to deploy a create-react-app 04 November 2016
How I installed letsencrypt for Nginx 26 January 2016
How I stopped worrying about IO blocking Tornado 18 September 2012
Is Nginx obsolete now that we have Amazon CloudFront? 28 July 2012
Related by Text:
Be very careful with your add_header in Nginx! You might make your site insecure 11 February 2018
jQuery and Highslide JS 08 January 2008
I'm back! has been renewed 05 June 2005
Anti-McCain propaganda videos 12 August 2008
I'm Prolog 01 May 2007