Bad SSL performance

Hi! I am new to Caddy and just beginning to try it out. I did some very basic benchmarks and I am getting very strange results.

I have 2 VMs on the same network with 1 CPU core and 1GB of RAM.

On one, I am running Caddy without SSL, just a simple :80 respond “Hello World!”.

On the other, I run a basic ab (Apache Bench), I get about 10k rps, which is ok over the network.

Then I change to SSL with my-hostname respond “Hello World!” and only get about 300 rps. The CPU is only used about 50% and the rest is idle.

I have verified with a browser that SSL works correctly.

If I do the same thing with nginx, I get almost 2k rps with SSL. Surely the performance difference between the 2 cannot be that big? Is there any config I need to do in Caddy to make SSL performance better?

Please fill out the help topic template as per the forum rules.

That’s way too much to fill in just to get an answer if Caddy is supposed to be that slow with SSL compared to nginx. Seems it could be a difference in the SSL cipher Caddy uses by default vs nginx.

No, it’s not too much to fill. It’s necessary to understand if the problem exists because of how you’re testing, or how you set up your environment.

Ok, no worries. I’ll just stick to nginx. Thanks.

On my machine I get 80k rps with TLS and over 100k rps without TLS, so, you are probably doing your test wrong. :man_shrugging:

Without more information there’s really no way to even have a discussion about performance.

Sure, but are you testing over a network? Doing the test on the same machine as the server is pretty pointless for a real use case. Also, with those kinds of numbers, you are most likely running it on a multi-core machine where things behave very differently from a single core machine where the scheduler needs to do more work. Also, did you compare your numbers to nginx?

Anyways, I managed to get the numbers up by forcing another TLS cipher. Now I have another issue instead. Starting to get failures when doing more than 300 concurrent requests. Must be a setting somewhere, because I have no issues doing at least 2000 concurrent requests with nginx. But I had to increase the workers in nginx to achieve that. As far as I can tell, there is no workers setting for Caddy, so I assume it’s something else going on there. No errors printed to the screen though, so no idea.

I am not trying to squeeze out as much performance as possible. I am simply checking if it can perform on the same level as nginx. Even if I would be doing the test “wrong”, it should be wrong for nginx as well.

I will test with some better tool than Apache Bench so that I can get some better insight into what’s happening. It was just the first thing I had handy.