On Mon, Sep 26, 2005 at 08:54:30AM -0400, Cliff Woolley wrote:
> Session caching is more or less essential for any kind of reasonable
> SSL performance. Disabling the session cache will hurt your SSL perf
> by perhaps as much as an order of magnitude (roughly speaking -- it's
> been a long time since I benchmarked it).

The actual performance benefit is dependent on the usage pattern (mostly
the length of sessions) but fetching a session from the cache is easily
100x faster than negotiating a new session key (again ymmv dependt on
how much spare processing power you have).
Openssl is usefull in at least getting an idea of the order of magnitude
- run openssl speed rsa on the box to figure out how many rsa operations
it can handle concurrently for your chosen keysize.
openssl s_client with the -reconnect option will help determine wheter
session caching is working on the server.


Mads Toftum
`Darn it, who spiked my coffee with water?!' - lwall

__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org