feat: use different public-key length certs for TLS #2080

Merged: 33 commits, Apr 3, 2025

Contributor

@DeagleGross DeagleGross commented Mar 31, 2025

I've noticed that certificate length heavily contributes to the TLS speed (4096 bit vs 2048 bit). I have seen http.sys using a 2048-bit length cert, and kestrel using a testCert.pfx which is 4096-bit length, meaning tests are unfair.

Besides updating certificates on the machines, I prepared a separate nginx test (with a possibility to specify a cert length) and updated http.sys + kestrel benchmarks to have such a parameter (http.sys now issues a cert before each run and kestrel uses pre-created certs)

Here are the RPS values for some random run on a server using different cert lengths:

| Cert length \ Server | Nginx | Kestrel | Http.Sys |
|---|---|---|---|
| 2048 | 2,167 | 1436 | 1250-1450 (depending on EC curve) |
| 4096 | 491 | 443 | 439 |

@DeagleGross DeagleGross self-assigned this Mar 31, 2025
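
The effect described in the comment above can be reproduced in isolation. This is an added example, not code from the PR or from aspnet/Benchmarks: it issues throwaway self-signed certificates at both lengths, confirms the key size actually present in each certificate, and times the private-key signature. It assumes RSA keys and .NET 6 or later; the class name `CertKeyLengthCost` is hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not part of aspnet/Benchmarks.
static class CertKeyLengthCost
{
    // Average time of one RSA-PSS signature, the private-key operation a server
    // with an RSA certificate performs during a full TLS handshake.
    static double SignMs(RSA key, int iterations)
    {
        byte[] data = RandomNumberGenerator.GetBytes(64); // constructed stand-in for handshake data
        key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss); // warm-up
        var sw = Stopwatch.StartNew();
        for (int i = 0; i < iterations; i++)
            key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        return sw.Elapsed.TotalMilliseconds / iterations;
    }

    static void Main()
    {
        foreach (int bits in new[] { 2048, 4096 })
        {
            // Throwaway self-signed certificate generated in memory (constructed test data).
            using RSA generated = RSA.Create(bits);
            var request = new CertificateRequest(
                "CN=localhost", generated, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using X509Certificate2 cert = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

            using RSA publicKey = cert.GetRSAPublicKey()
                ?? throw new InvalidOperationException("Certificate does not carry an RSA key.");
            using RSA privateKey = cert.GetRSAPrivateKey()
                ?? throw new InvalidOperationException("Certificate has no RSA private key.");

            // Fairness check: confirm the key length actually in the certificate
            // before comparing servers against each other.
            if (publicKey.KeySize != bits)
                throw new InvalidOperationException($"Expected {bits} bits, got {publicKey.KeySize}.");

            Console.WriteLine($"{publicKey.KeySize}-bit cert: {SignMs(privateKey, 200):F3} ms per signature");
        }
    }
}
```

The same `KeySize` check applies to an existing certificate file such as a `.pfx` once it is loaded into an `X509Certificate2`.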
@sebastienros
Member

fyi we already have some docker file and config and certs using nginx. At least if there is a reason to create a new one then some things should be reused: https://github.com/aspnet/Benchmarks/blob/main/docker/nginx/nginx-https.conf

@DeagleGross DeagleGross changed the title from "feat: nginx to test TLS speed" to "feat: use different public-key length certs for TLS" Apr 3, 2025
@DeagleGross DeagleGross merged commit 1d7322b into aspnet:main Apr 3, 2025
2 checks passed
@DeagleGross DeagleGross deleted the dmkorolev/nginx branch April 3, 2025 11:16
@sebastienros
Member

Can you check there aren't secrets / keys to add in the configuration files to prevent credscan from blocking internal merges?
