Greetings!<br><br><div class="gmail_quote">On Tue, Apr 10, 2012 at 12:50 PM, Ali Sabil <span dir="ltr"><<a href="mailto:ali.sabil@gmail.com">ali.sabil@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Morgan,<br>
<br>
Did you check which cipher is being used in your c++ server vs the<br>
erlang server? DHE ciphers are notably slow.<br>
<br>
You can check which cipher suite is being used with:<br>
    openssl s_client -host HOST -port PORT<br></blockquote><div><br>Actually - this isn't completely true.  What the above command gives you is the specific cipher that openssl and your server negotiated FOR THAT SESSION.  Both clients and servers typically support multiple ciphers and versions.  During the SSL setup the two parties negotiate to find the most secure algorithm that they both support.<br>
<br>There is every chance that openssl and your benchmarking software are utilising two different algorithms.<br><br>To identify which algorithms are supported you need to use a tool such as THCSSLCheck: <a href="http://www.thc.org/root/tools/THCSSLCheck.zip">http://www.thc.org/root/tools/THCSSLCheck.zip</a><br>
<br>Example output:<br><br>red@underhand:~/Downloads/thc$ wine THCSSLCheck.exe <a href="http://www.erlang.org">www.erlang.org</a> 443<br><br><br>------------------------------------------------------------------------<br>
THCSSLCheck v0.1 - coding johnny cyberpunk (<a href="http://www.thc.org">www.thc.org</a>) 2004<br>------------------------------------------------------------------------<br><br>[*] testing if port is up. pleaze wait...<br>
[*] port is up !<br>[*] testing if service speaks SSL ...<br>[*] service speaks SSL !<br><br><br>[*] now testing SSLv2<br>----------------------------------------------------------------------<br>                  DES-CBC3-MD5 - 168 Bits - unsupported<br>
                  IDEA-CBC-MD5 - 128 Bits - unsupported<br>                   RC2-CBC-MD5 - 128 Bits - unsupported<br>                       RC4-MD5 - 128 Bits - unsupported<br>                    RC4-64-MD5 -  64 Bits - unsupported<br>
                   DES-CBC-MD5 -  56 Bits - unsupported<br>               EXP-RC2-CBC-MD5 -  40 Bits - unsupported<br>                   EXP-RC4-MD5 -  40 Bits - unsupported<br><br><br>[*] now testing SSLv3<br>----------------------------------------------------------------------<br>
            DHE-RSA-AES256-SHA - 256 Bits -   supported<br>            DHE-DSS-AES256-SHA - 256 Bits - unsupported<br>                    AES256-SHA - 256 Bits -   supported<br>          EDH-RSA-DES-CBC3-SHA - 168 Bits -   supported<br>
          EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported<br>                  DES-CBC3-SHA - 168 Bits -   supported<br>            DHE-RSA-AES128-SHA - 128 Bits -   supported<br>            DHE-DSS-AES128-SHA - 128 Bits - unsupported<br>
                    AES128-SHA - 128 Bits -   supported<br>                  IDEA-CBC-SHA - 128 Bits - unsupported<br>               DHE-DSS-RC4-SHA - 128 Bits - unsupported<br>                       RC4-SHA - 128 Bits -   supported<br>
                       RC4-MD5 - 128 Bits -   supported<br>   EXP1024-DHE-DSS-DES-CBC-SHA -  56 Bits - unsupported<br>           EXP1024-DES-CBC-SHA -  56 Bits - unsupported<br>           EXP1024-RC2-CBC-MD5 -  56 Bits - unsupported<br>
           EDH-RSA-DES-CBC-SHA -  56 Bits -   supported<br>           EDH-DSS-DES-CBC-SHA -  56 Bits - unsupported<br>                   DES-CBC-SHA -  56 Bits -   supported<br>       EXP1024-DHE-DSS-RC4-SHA -  56 Bits - unsupported<br>
               EXP1024-RC4-SHA -  56 Bits - unsupported<br>               EXP1024-RC4-MD5 -  56 Bits - unsupported<br>       EXP-EDH-RSA-DES-CBC-SHA -  40 Bits - unsupported<br>       EXP-EDH-DSS-DES-CBC-SHA -  40 Bits - unsupported<br>
               EXP-DES-CBC-SHA -  40 Bits - unsupported<br>               EXP-RC2-CBC-MD5 -  40 Bits - unsupported<br>                   EXP-RC4-MD5 -  40 Bits - unsupported<br><br><br>[*] now testing TLSv1<br>----------------------------------------------------------------------<br>
            DHE-RSA-AES256-SHA - 256 Bits -   supported<br>            DHE-DSS-AES256-SHA - 256 Bits - unsupported<br>                    AES256-SHA - 256 Bits -   supported<br>          EDH-RSA-DES-CBC3-SHA - 168 Bits -   supported<br>
          EDH-DSS-DES-CBC3-SHA - 168 Bits - unsupported<br>                  DES-CBC3-SHA - 168 Bits -   supported<br>            DHE-RSA-AES128-SHA - 128 Bits -   supported<br>            DHE-DSS-AES128-SHA - 128 Bits - unsupported<br>
                    AES128-SHA - 128 Bits -   supported<br>                  IDEA-CBC-SHA - 128 Bits - unsupported<br>               DHE-DSS-RC4-SHA - 128 Bits - unsupported<br>                       RC4-SHA - 128 Bits -   supported<br>
                       RC4-MD5 - 128 Bits -   supported<br>   EXP1024-DHE-DSS-DES-CBC-SHA -  56 Bits - unsupported<br>           EXP1024-DES-CBC-SHA -  56 Bits - unsupported<br>           EXP1024-RC2-CBC-MD5 -  56 Bits - unsupported<br>
           EDH-RSA-DES-CBC-SHA -  56 Bits -   supported<br>           EDH-DSS-DES-CBC-SHA -  56 Bits - unsupported<br>                   DES-CBC-SHA -  56 Bits -   supported<br>       EXP1024-DHE-DSS-RC4-SHA -  56 Bits - unsupported<br>
               EXP1024-RC4-SHA -  56 Bits - unsupported<br>               EXP1024-RC4-MD5 -  56 Bits - unsupported<br>       EXP-EDH-RSA-DES-CBC-SHA -  40 Bits - unsupported<br>       EXP-EDH-DSS-DES-CBC-SHA -  40 Bits - unsupported<br>
               EXP-DES-CBC-SHA -  40 Bits - unsupported<br>               EXP-RC2-CBC-MD5 -  40 Bits - unsupported<br>                   EXP-RC4-MD5 -  40 Bits - unsupported<br><br>Kind Regards,<br><br><br><br>Red<br><br>
</div></div>