Re: [libmicrohttpd] HTTPS delay

[Christian Grothoff]

On 10/30/2011 06:12 PM, Avner Flesch wrote:
> Thanks for the fast reply.
> I am using Linux on powerpc 875 (50 MHz).

Then 6s could totally be encryption.  This article might be a good start 
for cipher choices:

http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/

Also make sure that you compiled libgcrypt with optimizations (-O3).

Best regards,

Christian

> -----Original Message-----
> From: Christian Grothoff<address@hidden>
> Reply-to: libmicrohttpd development and user mailinglist
> <address@hidden>
> To: address@hidden
> Subject: Re: [libmicrohttpd] HTTPS delay
> Date: Sun, 30 Oct 2011 17:56:01 +0100
>
>
> On 10/30/2011 05:16 PM, Avner Flesch wrote:
> > Hi,
> >
> > I am developing simple secured HTTP (HTTPS) server for embedded system.
> > It seems that the delay is rather long - for example ~230 KB file delay
> > is almost 6 seconds.
> > Is there a way to speed it up?
>
> On an embedded system, I suspect the main contributor to latency is CPU
> time for the cryptographic operations (you didn't say what kind of
> embedded system, so it's hard for me to say if 6s is good or bad).
>
> You could configure MHD to use different (faster) ciphers, which may
> give you significant performance improvements (if CPU speed is the
> problem). Google's choices for HTTPS might be a good starting point.
>
> Changing the default cipher suite in MHD is done using
> MHD_OPTION_HTTPS_PRIORITIES followed by a string specifying the ciphers
> (see 'gnutls_priority_init' documentation for the format of that string).
>
> Other than that, there is little you can do: HTTPS is slow, and I'm
> generally pretty sure that MHD and GNUtls are about as fast as they can
> be (so switching to a different HTTP(S) server would also most likely
> not help you --- unless that server uses a different cipher suite by
> default, and in that case you could just use the option I gave above).
>
> Happy hacking!
>
> Christian