Does usage of SSL connection with EMS server impact performance?
Article ID: KB0087461
Updated On:
| Products | Versions |
|---|---|
| TIBCO Enterprise Message Service | - |
| Not Applicable | - |
Description
Resolution:
Regarding SSL performance, there will be performance degradation when
using SSL, so much that selecting SSL must be done if there is really a need to
send encrypted data. We have customers that actually do not need to have
encrypted data, however don't want the username and password sent to the
server during the connection establishment to be sent without
encryption. For that there is a mode after EMS 4.2.0 that uses SSL only
for the authentication phase and then falls back to a normal TCP connection.
So during connection establishment, it will use the SSL. Once connection is
established, it will fall back to TCP connection. So more time will be taken during
connection establishment only and after that, performance should be like normal
TCP connection.
Other things to note when using SSL is that the handshake phase is
pretty heavy so you have to make sure (more than ever)
that you reuse connections and don't simply create a connection to send
a message! Make sure that, you create connection
once and reuse this connection if possible instead of deleting and
recreating the connection. Performance will get effected
severely.
Once the things above are checked then you can improve performance by
using different ciphers. In the main configuration
file there is a parameter that will let you define which ciphers can
be used. This will decide the performance also. Use a weaker
cipher, you can get better performance. An EMS developer recalls that
RC4 is the fastest cipher. AES128 is just slightly slower,
AES256 is yet slower and DES3 is slower than all. You can start your EMS
server "-ssl_debug_trace" parameter to check cipher
used between client and server.
We don't have any bench mark data to compare the performance as it
depends upon many factors. So please run your tests
with the load you want. Based on the results, you get you can select the
SSL or TCP and which ciphers you want etc.
Regarding SSL performance, there will be performance degradation when
using SSL, so much that selecting SSL must be done if there is really a need to
send encrypted data. We have customers that actually do not need to have
encrypted data, however don't want the username and password sent to the
server during the connection establishment to be sent without
encryption. For that there is a mode after EMS 4.2.0 that uses SSL only
for the authentication phase and then falls back to a normal TCP connection.
So during connection establishment, it will use the SSL. Once connection is
established, it will fall back to TCP connection. So more time will be taken during
connection establishment only and after that, performance should be like normal
TCP connection.
Other things to note when using SSL is that the handshake phase is
pretty heavy so you have to make sure (more than ever)
that you reuse connections and don't simply create a connection to send
a message! Make sure that, you create connection
once and reuse this connection if possible instead of deleting and
recreating the connection. Performance will get effected
severely.
Once the things above are checked then you can improve performance by
using different ciphers. In the main configuration
file there is a parameter that will let you define which ciphers can
be used. This will decide the performance also. Use a weaker
cipher, you can get better performance. An EMS developer recalls that
RC4 is the fastest cipher. AES128 is just slightly slower,
AES256 is yet slower and DES3 is slower than all. You can start your EMS
server "-ssl_debug_trace" parameter to check cipher
used between client and server.
We don't have any bench mark data to compare the performance as it
depends upon many factors. So please run your tests
with the load you want. Based on the results, you get you can select the
SSL or TCP and which ciphers you want etc.
Issue/Introduction
Does usage of SSL connection with EMS server impact performance?
Feedback
Yes
No
Powered by
