Ssl_ciphers for speed

Hello

I am using nginx 2.0 built with OpenSSL 0.9.8 and I have the following
configuration for my ssl:

listen 443 ssl;
ssl_certificate /etc/ssl/private/wildcardcert.crt;
ssl_certificate_key /etc/ssl/private/wildcardcert.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;

Since I dont have ssl_ciphers I assume its picking up the default
settings ’
HIGH:!ADH:!MD5;’

I found quite a few articles to make the SSL connection strong and more
secure but I am looking for a solution which is fastest in terms of
negotiating an SSL connection. Can you recommend me some ssl_cipher /
other
settings I should try to boost speed. I dont transfer any secure data so
I
am not concerned about security.

Thanks
Sparsh G.

On Sat, May 05, 2012 at 06:23:24PM +0530, Sparsh G. wrote:

ssl_prefer_server_ciphers on;

Thanks
Sparsh G.

Here is what we use for a use case with similar requirements:

ssl_ciphers
RC4:AES128+SHA:!kEDH:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

RC4 is the fastest without hardware assist. If you have hardware support
in
your processor for AES, put the AES128 first, instead of RC4.

Regards,
Ken

Thanks, I dont have AES support in my processor and I tried doing some
benchmarks with the suggested cipher

I saw very negligible improvement unfortunately. Is this is the best my
processor can do? Or is there any thing else I can tweak in my machine
(and
nginx) to improve SSL connections speed

Thanks
Sparsh G.

Hi,

On 06-05-2012 11:20, Sparsh G. wrote:

Thanks, I dont have AES support in my processor and I tried doing
some
benchmarks with the suggested cipher I saw very negligible
improvement
unfortunately.

Is this is the best my processor can do?
Or is there any thing else I can tweak in my machine
(and nginx) to improve SSL connections speed

What do you get when you call

openssl speed

or dedicated

openssl speed rc4 aes sha1

for your all options for speed please call

openssl speed --help

To see if openssl is able to use a ssl-engine please check the output
of

openssl engine -t -v

Thanks
Sparsh G.

BR
Aleks

ssl_certificate /etc/ssl/private/wildcardcert.crt;
I found quite a few articles to make the SSL connection strong and
Thanks

Regards,
Ken


nginx mailing list
[email protected] [1]
nginx Info Page [2]

Links:

On Sun, May 06, 2012 at 02:50:58PM +0530, Sparsh G. wrote:

Thanks, I dont have AES support in my processor and I tried doing some
benchmarks with the suggested cipher

I saw very negligible improvement unfortunately. Is this is the best my
processor can do? Or is there any thing else I can tweak in my machine (and
nginx) to improve SSL connections speed

Thanks
Sparsh G.

If you are using RC4 that is pretty much the best that you can do with
respect to encryption speed. It sounds like the slow part is not the
SSL/TLS encryption.

Cheers,
Ken