ssl_session_cache in Nginx and the ab benchmark

31 December 2010   2 comments   Linux, DoneCal

Mind that age!

This blog post is 11 years old! Most likely, its content is outdated. Especially if it's technical.

A couple of days ago I wrote about how blazing fast the DoneCal API can be on HTTP (1,400 requests/second) and how much slower it becomes when doing the same benchmark over HTTPS. It was, as Chris Adams pointed out, possible to run ab with Keep-Alive on and after some reading up it's clear that it's a good idea to switch on shared ssl_session_cache so that Nginx's SSL TCP traffic can cache some handshakes.

With ssl_session_cache shared:SSL:10m :

 Requests per second:    112.14 [#/sec] (mean)

Same cache size but with -k on the ab loadtest:

Requests per second:    906.44 [#/sec] (mean)

I'm fairly sure that most browsers with use Keep-Alive connections so I guess it's realistic to use -k when running ab but since this is a test of an API it's perhaps more likely than not that clients (i.e. computer programs) don't use it. To be honest I'm not really sure but it never the less feels right to be able to use ssl_session_cache to boost my benchmark by 40%.

It's also worth noticing that when doing a HTTP benchmark it's CPU bound on the Tornado (Python) processes (I use 4). But when doing HTTPS it's CPU bound on the Nginx itself (I use 1 worker process).




Nice post but I have one question about it.
In which version was the ApacheBench which you used for this test?

I tried the 2.3 but the results was the same (I verified wih gnutls-cli the SSL session is really reused).


Peter Bengtsson

I'm afraid it was so long ago that I no longer remember. In fact, I'm using a completely different work laptop at the moment for this.

Your email will never ever be published

Related posts