Improve SSL Performance with Nginx

performance nginx amazon-web-services ssl

I had some performance problems in nginx and incapsula and i found that the problem was related with the cipher used. Incapsula was connecting with DHE-RSA-AES128-SHA and that gave low performance and high load on the server. I use the "Intermediate list" in https://wiki.mozilla.org/Security/Server_Side_TLS and done some stress tests with the ciphers and got this results for the ones that worked:

Cipher                      Worst response time
DHE-RSA-AES128-SHA         15.745s
DHE-RSA-AES256-SHA         15.271s
AES128-SHA                 1.421s
AES256-SHA                 1.765s  
DES-CBC3-SHA               1.459s

So as you can see, DHE-* where working badly, but AES128-SHA is working fine. So if you think you have performance problems, build a stress test with a few hundred or thousands connections and configure nginx to just use one cipher. you should be able to see if any cipher is working bladly and try to disable it (do not forget to test the final setup against your clients, or use ssllabs test to see if you are not blocking your users)

Related

Find number of unused disk bays on a dell server running windows or ESXi
How to maximize utilization of fluentd server?
VirtualHost Defaulting to Wrong Deployment on Restart
What is difference between .\, (local), localhost, and computername in windows?
json - select object without quotation using jq tool
How to save List Of HashMap in android?
How are HDFS files getting stored on underlying OS filesystem?
check if object has key in Typescript and use that key
A blank space appears after inserting an image in an HTML table
Segue and delegates in UIKit
Replace all urls with minified urls within a string containing mixed content
How to pass None keyword as command line argument