How to reduce TLS handshake time to reach higher performance

caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

https://caddyserver.com

Apache License 2.0

56.86k stars 3.98k forks source link

How to reduce TLS handshake time to reach higher performance #6463

Closed nonbutAworker closed 1 month ago

nonbutAworker commented 1 month ago

Hi Team, This is my caddy server cpu flam graph at 2000 request/s, I notice that TLS handshak used up most of CPU resources (nearly 80% percent) , I have looked up directive TLS document, but I cannot find any directives can improve performance like sessionid or session tikects in NGINX

I need some directives like that can help improve caddy server performance, any help would be apprecaited !

mholt commented 1 month ago

That's 77% of the cpu time spent serving connections, not 77% of your total CPU. This flame graph is not surprising considering that. Handshakes are the expensive part of any connection.

You could check if your hardware accelerates these crypto routines. Also, using an ECC key will be much faster than an RSA key.

mholt commented 1 month ago

Closing due to inactivity / nothing actionable to do here at this time.