Bad SSL performance

daniele · January 31, 2024, 5:52pm

Hi! I am a new to Caddy and just beginning to try it out. I did some very basic benchmarks and I am getting very strange results.

I have 2 VMs on the same network with 1 CPU core and 1GB of RAM.

On one, I am running Caddy without SSL, just a simple :80 respond “Hello World!”.

On the other, I run a basic ap (apache bench), I get about 10k rps, which is ok over the network.

Then I change to SSL with my-hostname respond “Hello World!” and only get about 300 rps. The CPU is only used about 50% and the rest is idle.

I have verified with a browser that SSL works correctly.

If I do the same thing with nginx, I get almost 2k rps with SSL. Surely the performance difference between the 2 cannot be that big? Is there any config I need to do in Caddy to make SSL performance better?

francislavoie · January 31, 2024, 7:09pm

Please fill out the help topic template as per the forum rules.

daniele · January 31, 2024, 7:54pm

That’s way too much to fill in just to get answer if Caddy is supposed to be that slow with SSL compared to nginx. Seems it could be a difference in the SSL cipher Caddy uses by default vs nginx.

francislavoie · January 31, 2024, 8:16pm

No, it’s not too much to fill. It’s necessary to understand if the problem exists because of how you’re testing, or how you set up your environment.

daniele · January 31, 2024, 8:21pm

Ok, no worries. I’ll just stick to nginx. Thanks.

matt · January 31, 2024, 8:33pm

On my machine I get 80k rps with TLS and over 100k rps without TLS, so, you are probably doing your test wrong.

Without more information there’s really no way to even have a discussion about performance.

daniele · January 31, 2024, 8:40pm

Sure, but are you testing over a network? Doing the test on the same machine as the server is pretty pointless for a real use case. Also, with those kind of numbers, you are most likely running it on a multi-core machine where things behave very differently from a single core machine where the scheduler needs to do more work. Also, did you compare your numbers to nginx? Anyways, I managed to get the numbers up by forcing another TLS Cipher. Now I have other issue instead. Starting to get failures when doing more than 300 concurrent requests. Must be a settings somewhere, because I have no issues doing at least 2000 concurrent request with nginx. But I had to increase the workers in nginx to achieve that. As far as I can tell, there are no workers setting for Cuddy, so I assume it’s something else going on there. No errors printed to the screen though, so no idea.

I am not trying to squeeze out as much performance as possible. I am simply checking if it can perform on the same level as nginx. Even if I would be doing the test “wrong”, it should be wrong for nginx as well.

I will test with some better tool than Apache Bench so that I can get some better insight into what’s happening. It was just the first thing I had handy.

system · March 1, 2024, 8:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.