I've enabled SSL on my proxy server and found that the performance has dropped from around 17k requests per second to 5k requests per second. I followed the code in Netty's secure chat example and I don't think I've done anything differently.
I've written a dummy server to see if I've made some mistakes on my proxy. Running the dummy SSL server in normal HTTP mode is capable of around 50k requests per second. When I enable SSL on the dummy server that drops to 28k requests per second.
Is there anything I'm doing wrong? Is there something I'm missing?
I'm using JDK 6 to compile the code, running on JDK 7u4. I'm using Netty-3.5.0 as well. I'm using zeusbench to run the test. The test parameters are: zeusbench -n 10000 -c 100 -k -C RC4_SHA "https:///"
Source: http://pastebin.com/iahqr3zT
Edit 1: I've run the dummy server through JProfiler. The SSLContext.createSSLEngine call in the pipeline factory takes (on average) 55,005 microseconds (that average has been calculated from 540 invocations of the method).
The SslHandler.handshake call in channelConnected takes (on average) 46,284 microseconds (that average has been calculated from 540 invocations of the method).
I understand there isn't much Netty can do about the call to createSSLEngine, but could the SslHandler.handshake be tuned any better? It's taking almost as long as the generation of the engine itself.
Encryption/decryption with Java is really slow.
You should not use the SSL implementation with Java for performance.
There are several ways to avoid Java for the SSL connection:
- Configure a proxy server which provides the SSL connection in front of your Java server
- Implement an SSL handshaking library with OpenSSL and use the library in Netty code via JNI
You could try re-using SSL sessions for existing connections; this reduces the SSL handshake and should give you a general boost.
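The session reuse suggested in the answer above, as an added example that is not part of the original question or answers: it configures the server-side JSSE session cache, handshakes twice against a local test server, and reports whether the second handshake resumed the first session. Assumptions: Java 8 or later, `keytool` on the PATH, a throwaway self-signed key, and an illustrative class name, cache size and timeout.

```java
import javax.net.ssl.*;
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;

public class SessionReuseCheck {
    public static void main(String[] args) throws Exception {
        // Assumption: stateless tickets off, so resumption goes through the server-side cache sized below.
        System.setProperty("jdk.tls.server.enableSessionTicketExtension", "false");
        System.setProperty("jdk.tls.client.enableSessionTicketExtension", "false");
        // Constructed test material: a throwaway self-signed key made with the JDK's keytool.
        Path p12 = Files.createTempDirectory("tls").resolve("demo.p12");
        new ProcessBuilder("keytool", "-genkeypair", "-alias", "demo", "-keyalg", "RSA", "-keysize", "2048",
                "-dname", "CN=localhost", "-validity", "1", "-storetype", "PKCS12", "-keystore", p12.toString(),
                "-storepass", "changeit", "-keypass", "changeit").inheritIO().start().waitFor();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) { ks.load(in, "changeit".toCharArray()); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, "changeit".toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // the test client trusts the same self-signed certificate
        // Build each SSLContext once and share it: the session cache lives on the context.
        SSLContext server = SSLContext.getInstance("TLSv1.2");
        server.init(kmf.getKeyManagers(), null, null);
        server.getServerSessionContext().setSessionCacheSize(20480); // number of cached sessions
        server.getServerSessionContext().setSessionTimeout(300);     // seconds
        SSLContext client = SSLContext.getInstance("TLSv1.2");
        client.init(null, tmf.getTrustManagers(), null);
        try (SSLServerSocket ss = (SSLServerSocket) server.getServerSocketFactory().createServerSocket(0)) {
            Thread acceptor = new Thread(() -> {
                for (int i = 0; i < 2; i++)
                    try (SSLSocket s = (SSLSocket) ss.accept()) { s.getInputStream().read(); }
                    catch (IOException e) { throw new UncheckedIOException(e); }
            });
            acceptor.start();
            byte[] first = handshake(client, ss.getLocalPort());
            byte[] second = handshake(client, ss.getLocalPort());
            acceptor.join();
            System.out.println("resumed: " + (first.length > 0 && java.util.Arrays.equals(first, second)));
        }
    }
    // Connects to the local test server, completes the handshake and returns the session ID.
    static byte[] handshake(SSLContext ctx, int port) throws IOException {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", port)) {
            s.startHandshake();
            s.getOutputStream().write(1); // one byte so the server's read() returns
            return s.getSession().getId();
        }
    }
}
```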
Source: https://stackoverflow.com/questions/10896502/how-can-i-increase-server-ssl-performance