Re: SSL best option for new deployments

And stud is still young and does not have all the features stunnel owns ;)

cheers

On Tue, Dec 13, 2011 at 11:43 PM, John Lauro <john.lauro#covenanteyes.com> wrote:
> Interesting.
>
> Found this with google comparing the two (only a few months old):
> http://vincent.bernat.im/en/blog/2011-ssl-benchmark.html
>
> In summary, performance appears to be close as long as you only have 1 core,
> but stud scales better with multiple cores.  However, as noted in the
> replies, newer version of stunnel probably perform better.
>
>
>
>
>> -----Original Message-----
>> From: "Brane F. Gračnar" [mailto:brane.gracnar#tsmedia.si]
>> Sent: Tuesday, December 13, 2011 5:21 PM
>> To: David Prothero
>> Cc: John Lauro; haproxy#formilux.org
>> Subject: Re: SSL best option for new deployments
>>
>> On 12/13/2011 10:43 PM, David Prothero wrote:
>> > I've been using stunnel with the X-Forwarded-For patch. Is stud
>> preferable to stunnel for some reason?
>>
>> Stunnel usually uses thread-per-connection architecture - as you
>> probably know this programming model has serious scaling issues. Stud is
>> single-threaded and runs as single-master/multiple-workers process,
>> meaning that it can efficiently utilize power of multi-core cpus without
>> context-switching overheaded resulting from hundreds (possibly
>> thousands) of threads competing for cpu time slice.
>>
>> Stud is implemented on top of libev, one of the most efficient event
>> loops available.
>>
>> It also uses much less memory than stunnel (openssl >= 1.x.x).
>>
>> Best regards, Brane
>
Received on 2011/12/13 23:58