Slow SSL
Added by ajayahmed almost 15 years ago
Hello Team
My system details:
CPU: 2x xeon e5620 2.4ghz
RAM: 16gb ddr3
HDD: ssd ocz agility2 over raid10
O/S: red hat enterprise 5
Internet: bt 500mbps 1:1 uncontended
I'm extremely impressed with lighttpd's content delivery on plain text but when SSL is enabled there is an extreme delay (4-15s to display hello).
The main folder is /var/www/lighttpd/ and I have a virtual host with its document root as /var/www/test1/. Both folders contain only 1 file that has the following contents:
Hello
This had me so estranged so I investigated further and found the total CPU load barely reaches 5% and total RAM usage is around 9% so I'm thinking maybe it's something to do with the configuration file (which is just a basic setup)? Can anyone shed some insight on this please?
lighttpd.conf
server.modules = (
    "mod_access",
    "mod_fastcgi",
    "mod_accesslog"
)

server.document-root = "/var/www/lighttpd/"
server.errorlog = "/var/log/lighttpd/error.log"
index-file.names = ( "index.php", "index.html", "index.htm", "default.htm" )

mimetype.assign = (
    ".rpm" => "application/x-rpm",
    ".pdf" => "application/pdf",
    ".sig" => "application/pgp-signature",
    ".spl" => "application/futuresplash",
    ".class" => "application/octet-stream",
    ".ps" => "application/postscript",
    ".torrent" => "application/x-bittorrent",
    ".dvi" => "application/x-dvi",
    ".gz" => "application/x-gzip",
    ".pac" => "application/x-ns-proxy-autoconfig",
    ".swf" => "application/x-shockwave-flash",
    ".tar.gz" => "application/x-tgz",
    ".tgz" => "application/x-tgz",
    ".tar" => "application/x-tar",
    ".zip" => "application/zip",
    ".mp3" => "audio/mpeg",
    ".m3u" => "audio/x-mpegurl",
    ".wma" => "audio/x-ms-wma",
    ".wax" => "audio/x-ms-wax",
    ".ogg" => "application/ogg",
    ".wav" => "audio/x-wav",
    ".gif" => "image/gif",
    ".jar" => "application/x-java-archive",
    ".jpg" => "image/jpeg",
    ".jpeg" => "image/jpeg",
    ".png" => "image/png",
    ".xbm" => "image/x-xbitmap",
    ".xpm" => "image/x-xpixmap",
    ".xwd" => "image/x-xwindowdump",
    ".css" => "text/css",
    ".html" => "text/html",
    ".htm" => "text/html",
    ".js" => "text/javascript",
    ".asc" => "text/plain",
    ".c" => "text/plain",
    ".cpp" => "text/plain",
    ".log" => "text/plain",
    ".conf" => "text/plain",
    ".text" => "text/plain",
    ".txt" => "text/plain",
    ".dtd" => "text/xml",
    ".xml" => "text/xml",
    ".mpeg" => "video/mpeg",
    ".mpg" => "video/mpeg",
    ".mov" => "video/quicktime",
    ".qt" => "video/quicktime",
    ".avi" => "video/x-msvideo",
    ".asf" => "video/x-ms-asf",
    ".asx" => "video/x-ms-asf",
    ".wmv" => "video/x-ms-wmv",
    ".bz2" => "application/x-bzip",
    ".tbz" => "application/x-bzip-compressed-tar",
    ".tar.bz2" => "application/x-bzip-compressed-tar",
    "" => "application/octet-stream",
)

accesslog.filename = "/var/log/lighttpd/access.log"
url.access-deny = ( "~", ".inc" )

$HTTP["url"] =~ "\.pdf$" {
    server.range-requests = "disable"
}

static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

server.port = 443
server.bind = "xxx.xxx.xxx.xxx"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "lighttpd"
server.groupname = "lighttpd"

fastcgi.server = (
    ".php" => (
        "localhost" => (
            "socket" => "/var/run/lighttpd/php-fastcgi.socket",
            "bin-path" => "/usr/bin/php-cgi"
        )
    )
)

ssl.engine = "enable"
ssl.pemfile = "/path/to/ssl/file/lighttpd/host.pem"

include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;"

$HTTP["host"] == "test1.mydomain.com" {
    ssl.pemfile = "/path/to/ssl/files/lighttpd/test1/host.pem"
    server.document-root = "/var/www/test1"
}
4 seconds to load a 5 byte file off 1 thread? What happens when there's 2 people? 10 people? 100 people? If this is a known issue or if anyone else has had similar experiences but never figured out a way to fix it, please let me know. If it's not ready for corporate delivery I'd leave it for now and play around with it in my spare time.
Replies (2)
RE: Slow SSL - Added by nitrox almost 15 years ago
strace -T -o foo.txt openssl s_client -connect <box:443>
Find out where it's wasting the time, or make the file available and we can try to figure out what's going on.
RE: Slow SSL - Added by darix almost 15 years ago
If this is a Linux system, check:
$ cat /proc/sys/kernel/random/entropy_avail
Good values are 1000 or more. Ideally you want around 3000.
If you are around 130, you want to install something that feeds entropy to your kernel. This can be either a hardware solution or just a software RNG. I had good results with haveged and timer-entropyd.
http://www.vanheusden.com/te/
http://www.issihosts.com/haveged/
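
An added example, not part of the original thread: one way to read the foo.txt that the strace -T command in the first reply produces, ranking syscalls by the elapsed time in angle brackets and resolving file descriptors to paths, so that a read blocking on /dev/random (the symptom a low entropy_avail, as in the second reply, would produce on kernels of that era) stands out. The trace lines are constructed sample data and the name slowest_calls is hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample in `strace -T` output format (not taken from the thread).
SAMPLE = '''\
open("/etc/ssl/openssl.cnf", O_RDONLY) = 3 <0.000031>
read(3, "# OpenSSL config\\n", 4096) = 17 <0.000012>
close(3) = 0 <0.000008>
open("/dev/random", O_RDONLY) = 3 <0.000027>
read(3, "\\x8a\\x11\\x5c", 32) = 3 <4.180233>
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 4 <0.000040>
write(4, "\\x16\\x03\\x01", 3) = 3 <0.000051>
read(4, 0x9f3a2c8, 7) = -1 EAGAIN (Resource temporarily unavailable) <0.000015>
close(4) = 0 <0.000009>
'''

# optional pid (strace -f), syscall(args) = return value ... <seconds>
LINE = re.compile(r'^(?:\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+|\?).*<(\d+\.\d+)>$')
Call = namedtuple("Call", "seconds syscall target")

def slowest_calls(trace, top=3):
    """Return the `top` slowest syscalls, each with the file or socket it touched."""
    fds = {}      # fd number -> path or "socket", tracked across open/close
    calls = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # signals, unfinished/resumed lines, exit notices
        name, args, ret, secs = m.group(1), m.group(2), m.group(3), float(m.group(4))
        target = ""
        if name in ("open", "openat") and ret.isdigit():
            path = re.search(r'"([^"]*)"', args)
            fds[int(ret)] = path.group(1) if path else "?"
            target = fds[int(ret)]
        elif name == "socket" and ret.isdigit():
            fds[int(ret)] = target = "socket"
        else:
            first = re.match(r'(\d+)\b', args)  # fd is the first argument
            if first:
                target = fds.get(int(first.group(1)), "fd %s" % first.group(1))
            if name == "close" and first:
                fds.pop(int(first.group(1)), None)  # fd numbers get reused
        calls.append(Call(secs, name, target))
    return sorted(calls, reverse=True)[:top]

if __name__ == "__main__":
    for c in slowest_calls(SAMPLE):
        print("%9.6f s  %-8s %s" % c)
```

To use it on a real trace, pass the contents of foo.txt instead of SAMPLE.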